[PATCH] --secontext: Implement displaying of expected context upon mismatch
Dmitry V. Levin
ldv at altlinux.org
Tue Dec 7 06:58:32 UTC 2021
On Tue, Dec 07, 2021 at 07:35:25AM +0100, Renaud Métrich wrote:
> Well anything can be chosen, there is no getfilecon/getpidcon
> functionality here: SELinux has no idea what is really expected, it's a
> comparison to its database (which isn't used by the kernel and the
> kernel is not aware of).
>
> So I chose to display a "!!" for now:
>
> "myfile" [foobar_t!!expected_context_t]
I guess you've chosen "!!" because you don't expect a valid context type
containing "!!" like "foobar_t!!expected_context_t".
--
ldv
More information about the Strace-devel
mailing list