Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3

On Wednesday, November 05, 2014 03:51:52 PM Stephen Smalley wrote:
> On 11/05/2014 03:48 PM, Paul Moore wrote:
> > On Tuesday, November 04, 2014 12:12:56 PM Vinson Lee wrote:
> >> Hi.
> >> 
> >> trinity triggered this kernel warning in selinux_netlink_send on Linux
> >> 3.18-rc3.
> > 
> > It looks like trinity sent a bogus netlink message to the kernel and
> > SELinux responded as I would expect it to, with a WARN_ONCE() message. 
> > Thank you for your help in testing, but I don't see a problem here that
> > needs to be resolved.
> 
> I guess the only thing new here is that this message used to be directed
> to the audit system via audit_log() and was changed to use WARN_ONCE().
> Why was that change made (the change description gives no rationale)?

My understanding was that the audit record didn't fit the hoped-for-but-not-
really-a-standard name value pair format that the audit folks like.  Richard 
wanted to either normalize the audit record or replace it with something else.

> Is this an appropriate use of WARN_ONCE()?

In retrospect, we could probably do better.  I don't think it should be an 
audit record, but I can see the point that a backtrace and scary WARNING! 
display are probably a bit too much.

Richard, how about converting this WARN_ONCE() to a printk_once(), or similar?

-- 
paul moore
www.paul-moore.com
