selinux prelink avc's (broken paths in policy?)
Christopher Ashworth
cashworth at tresys.com
Wed May 24 14:39:30 UTC 2006
On Wed, 2006-05-24 at 15:22 +0100, Paul Howarth wrote:
> Is the sorting algorithm documented somewhere (the wiki?)?
The sorting algorithm is based on the following heuristics, applied in
this order:
When comparing two file contexts A and B...
- if A is a regular expression and B is not, A is less specific than B
- if A's stem length (the number of characters before the first regular
expression wildcard) is shorter than B's stem length, A is less specific
than B
- if A's string length (the entire length of the file context string) is
shorter than B's string length, A is less specific than B
- if A does not have a specified type and B does, A is less specific
than B.
- else, they are considered equally specific.
These are the same heuristics applied to file contexts when building
reference policy.
The sort is implemented as a stable iterative mergesort.
Christopher
More information about the fedora-selinux-list
mailing list