nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

selinux: cleanup error reporting in selinux_nlmsg_perm()

Browse source 
Convert audit_log() call to WARN_ONCE().

Rename "type=" to nlmsg_type=" to avoid confusion with the audit record
type.

Added "protocol=" to help track down which protocol (NETLINK_AUDIT?) was used
within the netlink protocol family.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[Rewrote the patch subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
This commit is contained in:
Richard Guy Briggs 2014-09-18 20:50:17 -04:00 committed by Paul Moore
parent cbe0d6e879
commit e173fb2646
1 changed files with 3 additions and 4 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

7
security/selinux/hooks.c
View file

@ -4727,10 +4727,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
if (err) { if (err) {
if (err == -EINVAL) { if (err == -EINVAL) {
audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR, WARN_ONCE(1, "selinux_nlmsg_perm: unrecognized netlink message:"
"SELinux: unrecognized netlink message" " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
" type=%hu for sclass=%hu\n", sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
nlh->nlmsg_type, sksec->sclass);
if (!selinux_enforcing || security_get_allow_unknown()) if (!selinux_enforcing || security_get_allow_unknown())
err = 0; err = 0;
} }