mirror of
https://github.com/topjohnwu/selinux.git
synced 2024-12-11 21:36:23 +00:00
3e4a902010
Use the libsepol bounds checking to check for and report user and role bounds violations. For type bounds checking, use libsepol bounds checking to determine if there is a violation for a given type. For each violation display an error message that includes the CIL AST from the root node to the node of the rule causing the violation. Example error report: Child type b_t3_c exceeds bounds of parent b_t3 (allow b_t3_c b_tc (file (write))) <root> booleanif at line 148633 of cil.conf.bounds true at line 148634 of cil.conf.bounds allow at line 148636 of cil.conf.bounds (allow b_t3_c b_tc (file (read write))) Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> |
||
---|---|---|
.. | ||
include/cil | ||
src | ||
test | ||
.gitignore |