On Tue, 2006-02-21 at 17:59 -0600, Darrel Goeddel wrote:
The updated version of Dustin's patch I referred to is below.
The changes are as follows:
- printk a warning and ignore invalid selinux rules (but still hang on to them
so they may be activated with a later policy reload).
Should this be a printk or an audit_log call?
@@ -370,6 +410,14 @@ static int audit_compare_rule(struct aud
if (audit_compare_watch(a->watch, b->watch))
return 1;
break;
+ case AUDIT_SE_USER:
+ case AUDIT_SE_ROLE:
+ case AUDIT_SE_TYPE:
+ case AUDIT_SE_SEN:
+ case AUDIT_SE_CLR:
+ if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
+ return 1;
+ break;
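Review bot: The strcmp() in the new AUDIT_SE_* case dereferences a->fields[i].se_str and b->fields[i].se_str without a NULL check, and nothing visible in this hunk shows that both pointers are always set for these field types. If any path can leave se_str NULL for one of these fields, guard the compare; otherwise add a one-line comment stating the invariant. A comment saying that the match is on the rule's text as supplied, not on a resolved value, would also document the duplicate-detection semantics this case is meant to have.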
Do you want to catch aliases here? If so, you need to have SELinux look
up the strings and compare the actual values. But possibly that isn't
critical for the purposes of just preventing duplicate filters.
--
Stephen Smalley
National Security Agency