On Wednesday, November 12, 2014 02:01:34 PM Richard Guy Briggs wrote:
> Convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm().
> 
> After conversion from audit_log() in commit e173fb26, WARN_ONCE() was deemed
> too alarmist, so switch it to printk_once().  If this gets buried in the
> noise, it may be converted to a rate-limited call in the future.
> 
> Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> ---
>  security/selinux/hooks.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index e663141..17d0066 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -4725,9 +4725,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct
> sk_buff *skb) err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type,
> &perm); if (err) {
>  		if (err == -EINVAL) {
> -			WARN_ONCE(1, "selinux_nlmsg_perm: unrecognized netlink 
message:"
> -				  " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
> -				  sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
> +			printk_once("selinux_nlmsg_perm: unrecognized netlink message:"
> +				    " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
> +				    sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
>  			if (!selinux_enforcing || security_get_allow_unknown())
>  				err = 0;
>  		}
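
Review bot: the added printk_once() call has no KERN_ level in its format string, so the message is logged at the default level rather than as a warning, and because it fires only once, only the first protocol/nlmsg_type/sclass combination is ever recorded. Since nlmsg_type is read from the netlink message being checked, an unconditional printk() at this spot would log on every unrecognized message, so the rate-limited form the commit message anticipates (for example pr_warn_ratelimited() with the same format string and arguments) would keep later, different message types visible while bounding how much log volume this path can generate.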

My apologies, I should have noticed this sooner, but printk_once() is probably 
not a good choice here as only the first invalid netlink message will be 
displayed.  This is fine if all the invalid netlink messages happen the same, 
but that isn't likely to be the case.

Richard, any objections if I convert the printk_once() to a printk(WARN) and 
update the patch description accordingly?

-- 
paul moore
security and virtualization @ redhat
