| Message ID | 20220629110512.5067-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 36bf1be1cab5 |
| Headers | show |
| Series | libsepol/utils: improve wording | expand |
On Wed, Jun 29, 2022 at 7:06 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > A request is denied with SEPOL_COMPUTEAV_RBAC if the source role is not > allowed to transition to the target role, granted via a > > allow source_role target_role; > > statement. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/utils/sepol_check_access.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsepol/utils/sepol_check_access.c b/libsepol/utils/sepol_check_access.c > index bd2ea896..5d2bf679 100644 > --- a/libsepol/utils/sepol_check_access.c > +++ b/libsepol/utils/sepol_check_access.c > @@ -109,7 +109,7 @@ int main(int argc, char *argv[]) > if (reason & SEPOL_COMPUTEAV_RBAC) { > if (i > 0) > printf(", "); > - printf("transition-constraint"); > + printf("role-transition"); > i++; > } > if (reason & SEPOL_COMPUTEAV_BOUNDS) { > -- > 2.36.1 >
On Thu, Jun 30, 2022 at 2:30 PM James Carter <jwcart2@gmail.com> wrote: > > On Wed, Jun 29, 2022 at 7:06 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > A request is denied with SEPOL_COMPUTEAV_RBAC if the source role is not > > allowed to transition to the target role, granted via a > > > > allow source_role target_role; > > > > statement. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libsepol/utils/sepol_check_access.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libsepol/utils/sepol_check_access.c b/libsepol/utils/sepol_check_access.c > > index bd2ea896..5d2bf679 100644 > > --- a/libsepol/utils/sepol_check_access.c > > +++ b/libsepol/utils/sepol_check_access.c > > @@ -109,7 +109,7 @@ int main(int argc, char *argv[]) > > if (reason & SEPOL_COMPUTEAV_RBAC) { > > if (i > 0) > > printf(", "); > > - printf("transition-constraint"); > > + printf("role-transition"); > > i++; > > } > > if (reason & SEPOL_COMPUTEAV_BOUNDS) { > > -- > > 2.36.1 > >
diff --git a/libsepol/utils/sepol_check_access.c b/libsepol/utils/sepol_check_access.c index bd2ea896..5d2bf679 100644 --- a/libsepol/utils/sepol_check_access.c +++ b/libsepol/utils/sepol_check_access.c @@ -109,7 +109,7 @@ int main(int argc, char *argv[]) if (reason & SEPOL_COMPUTEAV_RBAC) { if (i > 0) printf(", "); - printf("transition-constraint"); + printf("role-transition"); i++; } if (reason & SEPOL_COMPUTEAV_BOUNDS) {
A request is denied with SEPOL_COMPUTEAV_RBAC if the source role is not allowed to transition to the target role, granted via a allow source_role target_role; statement. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libsepol/utils/sepol_check_access.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)