[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: selinux prelink avc's (broken paths in policy?)
- From: Christopher Ashworth <cashworth tresys com>
- To: Paul Howarth <paul city-fan org>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: selinux prelink avc's (broken paths in policy?)
- Date: Wed, 24 May 2006 10:39:30 -0400
On Wed, 2006-05-24 at 15:22 +0100, Paul Howarth wrote:
> Is the sorting algorithm documented somewhere (the wiki?)?
The sorting algorithm is based on the following heuristics, applied in
this order:
When comparing two file contexts A and B...
- if A is a regular expression and B is not, A is less specific than B
- if A's stem length (the number of characters before the first regular
expression wildcard) is shorter than B's stem length, A is less specific
than B
- if A's string length (the entire length of the file context string) is
shorter than B's string length, A is less specific than B
- if A does not have a specified type and B does, A is less specific
than B.
- else, they are considered equally specific.
These are the same heuristics applied to file contexts when building
reference policy.
The sort is implemented as a stable iterative mergesort.
Christopher
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]