diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-15 13:39:06 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-15 13:39:06 -0400 |
| commit | 6f7dac117d895596ca52b935bdd534ac9032deb4 (patch) | |
| tree | 6849552eb982490783045b00069751bb3a3eb03e /security/selinux/hooks.c | |
| parent | 92d4a03674b8c399c2f547580fa509db78226170 (diff) | |
| parent | 7e4237faa7213c1cc1d0aa65a44c67ba4729ce9f (diff) | |
Merge tag 'selinux-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux updates from Paul Moore:
"There are 16 patches in here but really only one that is of any
significance. That one patch is by nixiaoming and fixes a few places
where we were not properly cleaning up dentry and inode objects in the
selinuxfs error handling code. The rest are either printk->pr_*
conversions, constification tweaks, and a minor tweak to MAINTAINERS.
Everything passes the selinux-testsuite and looks to merge cleanly
against your master branch"
* tag 'selinux-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: cleanup dentry and inodes on error in selinuxfs
selinux: constify write_op[]
selinux: Cleanup printk logging in netnode
selinux: Cleanup printk logging in avc
selinux: Cleanup printk logging in netif
selinux: Cleanup printk logging in netport
selinux: Cleanup printk logging in sidtab
selinux: Cleanup printk logging in netlink
selinux: Cleanup printk logging in selinuxfs
selinux: Cleanup printk logging in services
selinux: Cleanup printk logging in avtab
selinux: Cleanup printk logging in hooks
selinux: Cleanup printk logging in policydb
selinux: Cleanup printk logging in ebitmap
selinux: Cleanup printk logging in conditional
MAINTAINERS: update the LSM and SELinux subsystems
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 68 |
1 files changed, 33 insertions, 35 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 589c6b4023ce..ad9a9b8e9979 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -530,7 +530,7 @@ static int sb_finish_set_opts(struct super_block *sb) | |||
| 530 | the first boot of the SELinux kernel before we have | 530 | the first boot of the SELinux kernel before we have |
| 531 | assigned xattr values to the filesystem. */ | 531 | assigned xattr values to the filesystem. */ |
| 532 | if (!(root_inode->i_opflags & IOP_XATTR)) { | 532 | if (!(root_inode->i_opflags & IOP_XATTR)) { |
| 533 | printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " | 533 | pr_warn("SELinux: (dev %s, type %s) has no " |
| 534 | "xattr support\n", sb->s_id, sb->s_type->name); | 534 | "xattr support\n", sb->s_id, sb->s_type->name); |
| 535 | rc = -EOPNOTSUPP; | 535 | rc = -EOPNOTSUPP; |
| 536 | goto out; | 536 | goto out; |
| @@ -539,11 +539,11 @@ static int sb_finish_set_opts(struct super_block *sb) | |||
| 539 | rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0); | 539 | rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0); |
| 540 | if (rc < 0 && rc != -ENODATA) { | 540 | if (rc < 0 && rc != -ENODATA) { |
| 541 | if (rc == -EOPNOTSUPP) | 541 | if (rc == -EOPNOTSUPP) |
| 542 | printk(KERN_WARNING "SELinux: (dev %s, type " | 542 | pr_warn("SELinux: (dev %s, type " |
| 543 | "%s) has no security xattr handler\n", | 543 | "%s) has no security xattr handler\n", |
| 544 | sb->s_id, sb->s_type->name); | 544 | sb->s_id, sb->s_type->name); |
| 545 | else | 545 | else |
| 546 | printk(KERN_WARNING "SELinux: (dev %s, type " | 546 | pr_warn("SELinux: (dev %s, type " |
| 547 | "%s) getxattr errno %d\n", sb->s_id, | 547 | "%s) getxattr errno %d\n", sb->s_id, |
| 548 | sb->s_type->name, -rc); | 548 | sb->s_type->name, -rc); |
| 549 | goto out; | 549 | goto out; |
| @@ -742,7 +742,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 742 | goto out; | 742 | goto out; |
| 743 | } | 743 | } |
| 744 | rc = -EINVAL; | 744 | rc = -EINVAL; |
| 745 | printk(KERN_WARNING "SELinux: Unable to set superblock options " | 745 | pr_warn("SELinux: Unable to set superblock options " |
| 746 | "before the security server is initialized\n"); | 746 | "before the security server is initialized\n"); |
| 747 | goto out; | 747 | goto out; |
| 748 | } | 748 | } |
| @@ -784,7 +784,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 784 | mount_options[i], &sid, | 784 | mount_options[i], &sid, |
| 785 | GFP_KERNEL); | 785 | GFP_KERNEL); |
| 786 | if (rc) { | 786 | if (rc) { |
| 787 | printk(KERN_WARNING "SELinux: security_context_str_to_sid" | 787 | pr_warn("SELinux: security_context_str_to_sid" |
| 788 | "(%s) failed for (dev %s, type %s) errno=%d\n", | 788 | "(%s) failed for (dev %s, type %s) errno=%d\n", |
| 789 | mount_options[i], sb->s_id, name, rc); | 789 | mount_options[i], sb->s_id, name, rc); |
| 790 | goto out; | 790 | goto out; |
| @@ -860,8 +860,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 860 | */ | 860 | */ |
| 861 | rc = security_fs_use(&selinux_state, sb); | 861 | rc = security_fs_use(&selinux_state, sb); |
| 862 | if (rc) { | 862 | if (rc) { |
| 863 | printk(KERN_WARNING | 863 | pr_warn("%s: security_fs_use(%s) returned %d\n", |
| 864 | "%s: security_fs_use(%s) returned %d\n", | ||
| 865 | __func__, sb->s_type->name, rc); | 864 | __func__, sb->s_type->name, rc); |
| 866 | goto out; | 865 | goto out; |
| 867 | } | 866 | } |
| @@ -947,7 +946,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 947 | if (sbsec->behavior != SECURITY_FS_USE_XATTR && | 946 | if (sbsec->behavior != SECURITY_FS_USE_XATTR && |
| 948 | sbsec->behavior != SECURITY_FS_USE_NATIVE) { | 947 | sbsec->behavior != SECURITY_FS_USE_NATIVE) { |
| 949 | rc = -EINVAL; | 948 | rc = -EINVAL; |
| 950 | printk(KERN_WARNING "SELinux: defcontext option is " | 949 | pr_warn("SELinux: defcontext option is " |
| 951 | "invalid for this filesystem type\n"); | 950 | "invalid for this filesystem type\n"); |
| 952 | goto out; | 951 | goto out; |
| 953 | } | 952 | } |
| @@ -969,7 +968,7 @@ out: | |||
| 969 | return rc; | 968 | return rc; |
| 970 | out_double_mount: | 969 | out_double_mount: |
| 971 | rc = -EINVAL; | 970 | rc = -EINVAL; |
| 972 | printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " | 971 | pr_warn("SELinux: mount invalid. Same superblock, different " |
| 973 | "security settings for (dev %s, type %s)\n", sb->s_id, name); | 972 | "security settings for (dev %s, type %s)\n", sb->s_id, name); |
| 974 | goto out; | 973 | goto out; |
| 975 | } | 974 | } |
| @@ -998,7 +997,7 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, | |||
| 998 | } | 997 | } |
| 999 | return 0; | 998 | return 0; |
| 1000 | mismatch: | 999 | mismatch: |
| 1001 | printk(KERN_WARNING "SELinux: mount invalid. Same superblock, " | 1000 | pr_warn("SELinux: mount invalid. Same superblock, " |
| 1002 | "different security settings for (dev %s, " | 1001 | "different security settings for (dev %s, " |
| 1003 | "type %s)\n", newsb->s_id, newsb->s_type->name); | 1002 | "type %s)\n", newsb->s_id, newsb->s_type->name); |
| 1004 | return -EBUSY; | 1003 | return -EBUSY; |
| @@ -1106,7 +1105,7 @@ static int selinux_parse_opts_str(char *options, | |||
| 1106 | case Opt_context: | 1105 | case Opt_context: |
| 1107 | if (context || defcontext) { | 1106 | if (context || defcontext) { |
| 1108 | rc = -EINVAL; | 1107 | rc = -EINVAL; |
| 1109 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 1108 | pr_warn(SEL_MOUNT_FAIL_MSG); |
| 1110 | goto out_err; | 1109 | goto out_err; |
| 1111 | } | 1110 | } |
| 1112 | context = match_strdup(&args[0]); | 1111 | context = match_strdup(&args[0]); |
| @@ -1119,7 +1118,7 @@ static int selinux_parse_opts_str(char *options, | |||
| 1119 | case Opt_fscontext: | 1118 | case Opt_fscontext: |
| 1120 | if (fscontext) { | 1119 | if (fscontext) { |
| 1121 | rc = -EINVAL; | 1120 | rc = -EINVAL; |
| 1122 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 1121 | pr_warn(SEL_MOUNT_FAIL_MSG); |
| 1123 | goto out_err; | 1122 | goto out_err; |
| 1124 | } | 1123 | } |
| 1125 | fscontext = match_strdup(&args[0]); | 1124 | fscontext = match_strdup(&args[0]); |
| @@ -1132,7 +1131,7 @@ static int selinux_parse_opts_str(char *options, | |||
| 1132 | case Opt_rootcontext: | 1131 | case Opt_rootcontext: |
| 1133 | if (rootcontext) { | 1132 | if (rootcontext) { |
| 1134 | rc = -EINVAL; | 1133 | rc = -EINVAL; |
| 1135 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 1134 | pr_warn(SEL_MOUNT_FAIL_MSG); |
| 1136 | goto out_err; | 1135 | goto out_err; |
| 1137 | } | 1136 | } |
| 1138 | rootcontext = match_strdup(&args[0]); | 1137 | rootcontext = match_strdup(&args[0]); |
| @@ -1145,7 +1144,7 @@ static int selinux_parse_opts_str(char *options, | |||
| 1145 | case Opt_defcontext: | 1144 | case Opt_defcontext: |
| 1146 | if (context || defcontext) { | 1145 | if (context || defcontext) { |
| 1147 | rc = -EINVAL; | 1146 | rc = -EINVAL; |
| 1148 | printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); | 1147 | pr_warn(SEL_MOUNT_FAIL_MSG); |
| 1149 | goto out_err; | 1148 | goto out_err; |
| 1150 | } | 1149 | } |
| 1151 | defcontext = match_strdup(&args[0]); | 1150 | defcontext = match_strdup(&args[0]); |
| @@ -1158,7 +1157,7 @@ static int selinux_parse_opts_str(char *options, | |||
| 1158 | break; | 1157 | break; |
| 1159 | default: | 1158 | default: |
| 1160 | rc = -EINVAL; | 1159 | rc = -EINVAL; |
| 1161 | printk(KERN_WARNING "SELinux: unknown mount option\n"); | 1160 | pr_warn("SELinux: unknown mount option\n"); |
| 1162 | goto out_err; | 1161 | goto out_err; |
| 1163 | 1162 | ||
| 1164 | } | 1163 | } |
| @@ -1623,7 +1622,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
| 1623 | dput(dentry); | 1622 | dput(dentry); |
| 1624 | if (rc < 0) { | 1623 | if (rc < 0) { |
| 1625 | if (rc != -ENODATA) { | 1624 | if (rc != -ENODATA) { |
| 1626 | printk(KERN_WARNING "SELinux: %s: getxattr returned " | 1625 | pr_warn("SELinux: %s: getxattr returned " |
| 1627 | "%d for dev=%s ino=%ld\n", __func__, | 1626 | "%d for dev=%s ino=%ld\n", __func__, |
| 1628 | -rc, inode->i_sb->s_id, inode->i_ino); | 1627 | -rc, inode->i_sb->s_id, inode->i_ino); |
| 1629 | kfree(context); | 1628 | kfree(context); |
| @@ -1643,11 +1642,11 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
| 1643 | 1642 | ||
| 1644 | if (rc == -EINVAL) { | 1643 | if (rc == -EINVAL) { |
| 1645 | if (printk_ratelimit()) | 1644 | if (printk_ratelimit()) |
| 1646 | printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid " | 1645 | pr_notice("SELinux: inode=%lu on dev=%s was found to have an invalid " |
| 1647 | "context=%s. This indicates you may need to relabel the inode or the " | 1646 | "context=%s. This indicates you may need to relabel the inode or the " |
| 1648 | "filesystem in question.\n", ino, dev, context); | 1647 | "filesystem in question.\n", ino, dev, context); |
| 1649 | } else { | 1648 | } else { |
| 1650 | printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " | 1649 | pr_warn("SELinux: %s: context_to_sid(%s) " |
| 1651 | "returned %d for dev=%s ino=%ld\n", | 1650 | "returned %d for dev=%s ino=%ld\n", |
| 1652 | __func__, context, -rc, dev, ino); | 1651 | __func__, context, -rc, dev, ino); |
| 1653 | } | 1652 | } |
| @@ -1785,8 +1784,7 @@ static int cred_has_capability(const struct cred *cred, | |||
| 1785 | sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS; | 1784 | sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS; |
| 1786 | break; | 1785 | break; |
| 1787 | default: | 1786 | default: |
| 1788 | printk(KERN_ERR | 1787 | pr_err("SELinux: out of range capability %d\n", cap); |
| 1789 | "SELinux: out of range capability %d\n", cap); | ||
| 1790 | BUG(); | 1788 | BUG(); |
| 1791 | return -EINVAL; | 1789 | return -EINVAL; |
| 1792 | } | 1790 | } |
| @@ -2029,7 +2027,7 @@ static int may_link(struct inode *dir, | |||
| 2029 | av = DIR__RMDIR; | 2027 | av = DIR__RMDIR; |
| 2030 | break; | 2028 | break; |
| 2031 | default: | 2029 | default: |
| 2032 | printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", | 2030 | pr_warn("SELinux: %s: unrecognized kind %d\n", |
| 2033 | __func__, kind); | 2031 | __func__, kind); |
| 2034 | return 0; | 2032 | return 0; |
| 2035 | } | 2033 | } |
| @@ -2875,7 +2873,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data) | |||
| 2875 | mount_options[i], &sid, | 2873 | mount_options[i], &sid, |
| 2876 | GFP_KERNEL); | 2874 | GFP_KERNEL); |
| 2877 | if (rc) { | 2875 | if (rc) { |
| 2878 | printk(KERN_WARNING "SELinux: security_context_str_to_sid" | 2876 | pr_warn("SELinux: security_context_str_to_sid" |
| 2879 | "(%s) failed for (dev %s, type %s) errno=%d\n", | 2877 | "(%s) failed for (dev %s, type %s) errno=%d\n", |
| 2880 | mount_options[i], sb->s_id, sb->s_type->name, rc); | 2878 | mount_options[i], sb->s_id, sb->s_type->name, rc); |
| 2881 | goto out_free_opts; | 2879 | goto out_free_opts; |
| @@ -2914,7 +2912,7 @@ out_free_secdata: | |||
| 2914 | free_secdata(secdata); | 2912 | free_secdata(secdata); |
| 2915 | return rc; | 2913 | return rc; |
| 2916 | out_bad_option: | 2914 | out_bad_option: |
| 2917 | printk(KERN_WARNING "SELinux: unable to change security options " | 2915 | pr_warn("SELinux: unable to change security options " |
| 2918 | "during remount (dev %s, type=%s)\n", sb->s_id, | 2916 | "during remount (dev %s, type=%s)\n", sb->s_id, |
| 2919 | sb->s_type->name); | 2917 | sb->s_type->name); |
| 2920 | goto out_free_opts; | 2918 | goto out_free_opts; |
| @@ -3357,7 +3355,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
| 3357 | rc = security_context_to_sid_force(&selinux_state, value, size, | 3355 | rc = security_context_to_sid_force(&selinux_state, value, size, |
| 3358 | &newsid); | 3356 | &newsid); |
| 3359 | if (rc) { | 3357 | if (rc) { |
| 3360 | printk(KERN_ERR "SELinux: unable to map context to SID" | 3358 | pr_err("SELinux: unable to map context to SID" |
| 3361 | "for (%s, %lu), rc=%d\n", | 3359 | "for (%s, %lu), rc=%d\n", |
| 3362 | inode->i_sb->s_id, inode->i_ino, -rc); | 3360 | inode->i_sb->s_id, inode->i_ino, -rc); |
| 3363 | return; | 3361 | return; |
| @@ -4434,7 +4432,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, | |||
| 4434 | } | 4432 | } |
| 4435 | 4433 | ||
| 4436 | parse_error: | 4434 | parse_error: |
| 4437 | printk(KERN_WARNING | 4435 | pr_warn( |
| 4438 | "SELinux: failure in selinux_parse_skb()," | 4436 | "SELinux: failure in selinux_parse_skb()," |
| 4439 | " unable to parse packet\n"); | 4437 | " unable to parse packet\n"); |
| 4440 | return ret; | 4438 | return ret; |
| @@ -4477,7 +4475,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) | |||
| 4477 | err = security_net_peersid_resolve(&selinux_state, nlbl_sid, | 4475 | err = security_net_peersid_resolve(&selinux_state, nlbl_sid, |
| 4478 | nlbl_type, xfrm_sid, sid); | 4476 | nlbl_type, xfrm_sid, sid); |
| 4479 | if (unlikely(err)) { | 4477 | if (unlikely(err)) { |
| 4480 | printk(KERN_WARNING | 4478 | pr_warn( |
| 4481 | "SELinux: failure in selinux_skb_peerlbl_sid()," | 4479 | "SELinux: failure in selinux_skb_peerlbl_sid()," |
| 4482 | " unable to determine packet's peer label\n"); | 4480 | " unable to determine packet's peer label\n"); |
| 4483 | return -EACCES; | 4481 | return -EACCES; |
| @@ -7141,11 +7139,11 @@ static __init int selinux_init(void) | |||
| 7141 | } | 7139 | } |
| 7142 | 7140 | ||
| 7143 | if (!selinux_enabled) { | 7141 | if (!selinux_enabled) { |
| 7144 | printk(KERN_INFO "SELinux: Disabled at boot.\n"); | 7142 | pr_info("SELinux: Disabled at boot.\n"); |
| 7145 | return 0; | 7143 | return 0; |
| 7146 | } | 7144 | } |
| 7147 | 7145 | ||
| 7148 | printk(KERN_INFO "SELinux: Initializing.\n"); | 7146 | pr_info("SELinux: Initializing.\n"); |
| 7149 | 7147 | ||
| 7150 | memset(&selinux_state, 0, sizeof(selinux_state)); | 7148 | memset(&selinux_state, 0, sizeof(selinux_state)); |
| 7151 | enforcing_set(&selinux_state, selinux_enforcing_boot); | 7149 | enforcing_set(&selinux_state, selinux_enforcing_boot); |
| @@ -7181,9 +7179,9 @@ static __init int selinux_init(void) | |||
| 7181 | panic("SELinux: Unable to register AVC LSM notifier callback\n"); | 7179 | panic("SELinux: Unable to register AVC LSM notifier callback\n"); |
| 7182 | 7180 | ||
| 7183 | if (selinux_enforcing_boot) | 7181 | if (selinux_enforcing_boot) |
| 7184 | printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); | 7182 | pr_debug("SELinux: Starting in enforcing mode\n"); |
| 7185 | else | 7183 | else |
| 7186 | printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); | 7184 | pr_debug("SELinux: Starting in permissive mode\n"); |
| 7187 | 7185 | ||
| 7188 | return 0; | 7186 | return 0; |
| 7189 | } | 7187 | } |
| @@ -7195,10 +7193,10 @@ static void delayed_superblock_init(struct super_block *sb, void *unused) | |||
| 7195 | 7193 | ||
| 7196 | void selinux_complete_init(void) | 7194 | void selinux_complete_init(void) |
| 7197 | { | 7195 | { |
| 7198 | printk(KERN_DEBUG "SELinux: Completing initialization.\n"); | 7196 | pr_debug("SELinux: Completing initialization.\n"); |
| 7199 | 7197 | ||
| 7200 | /* Set up any superblocks initialized prior to the policy load. */ | 7198 | /* Set up any superblocks initialized prior to the policy load. */ |
| 7201 | printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); | 7199 | pr_debug("SELinux: Setting up existing superblocks.\n"); |
| 7202 | iterate_supers(delayed_superblock_init, NULL); | 7200 | iterate_supers(delayed_superblock_init, NULL); |
| 7203 | } | 7201 | } |
| 7204 | 7202 | ||
| @@ -7273,7 +7271,7 @@ static int __init selinux_nf_ip_init(void) | |||
| 7273 | if (!selinux_enabled) | 7271 | if (!selinux_enabled) |
| 7274 | return 0; | 7272 | return 0; |
| 7275 | 7273 | ||
| 7276 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); | 7274 | pr_debug("SELinux: Registering netfilter hooks\n"); |
| 7277 | 7275 | ||
| 7278 | err = register_pernet_subsys(&selinux_net_ops); | 7276 | err = register_pernet_subsys(&selinux_net_ops); |
| 7279 | if (err) | 7277 | if (err) |
| @@ -7286,7 +7284,7 @@ __initcall(selinux_nf_ip_init); | |||
| 7286 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 7284 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
| 7287 | static void selinux_nf_ip_exit(void) | 7285 | static void selinux_nf_ip_exit(void) |
| 7288 | { | 7286 | { |
| 7289 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); | 7287 | pr_debug("SELinux: Unregistering netfilter hooks\n"); |
| 7290 | 7288 | ||
| 7291 | unregister_pernet_subsys(&selinux_net_ops); | 7289 | unregister_pernet_subsys(&selinux_net_ops); |
| 7292 | } | 7290 | } |
| @@ -7315,7 +7313,7 @@ int selinux_disable(struct selinux_state *state) | |||
| 7315 | 7313 | ||
| 7316 | state->disabled = 1; | 7314 | state->disabled = 1; |
| 7317 | 7315 | ||
| 7318 | printk(KERN_INFO "SELinux: Disabled at runtime.\n"); | 7316 | pr_info("SELinux: Disabled at runtime.\n"); |
| 7319 | 7317 | ||
| 7320 | selinux_enabled = 0; | 7318 | selinux_enabled = 0; |
| 7321 | 7319 | ||