topjohnwu/selinux
1
0
Fork 0
mirror of https://github.com/topjohnwu/selinux.git synced 2024-12-11 21:36:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

semanage: correct fcontext auditing

Browse Source 
For modify action actually audit the selinux type, i.e. use setype
variable.

For deleting equal fcontext rules do not audit ftype, as the ftype value
for equal rules makes little sense.

Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
This commit is contained in:
Miroslav Vadkerti 2016-08-12 15:57:16 +02:00 committed by James Carter
parent 7f34831c7b
commit cc5b484c2b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policycoreutils/semanage/seobject.py
View File

@ -1991,7 +1991,7 @@ class fcontextRecords(semanageRecords):
if not seuser:
seuser = "system_u"
self.mylog.log_change("resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype], seuser, "object_r", type, serange))
self.mylog.log_change("resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype], seuser, "object_r", setype, serange))
def modify(self, target, setype, ftype, serange, seuser):
self.begin()
@ -2029,7 +2029,7 @@ class fcontextRecords(semanageRecords):
self.equiv.pop(target)
self.equal_ind = True
self.mylog.log_change("resrc=fcontext op=delete-equal %s ftype=%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype]))
self.mylog.log_change("resrc=fcontext op=delete-equal %s" % (audit.audit_encode_nv_string("tglob", target, 0)))
return