Comment 2 for bug 1226356

John Johansen (jjohansen) wrote : Re: explicit deny rules do not silence logging denials

Maybe,

the parser currently clears the deny bit once it has subtracted any allows from the state. I need to double check the dfa-states dump, but I believe it is post clearing of the deny bits. It does this because the permission interface to the kernel does not currently track explicit denies. Since the information is not being used by the kernel, the parser is throwing it away early in hopes of being able to reduce more states. The mask to be looking at is the quiet mask, which is cleared too.

What is the output with -D expr-tree -D node-map?