author | Eric Paris <eparis@redhat.com> | 2008-11-05 09:34:42 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-08 18:33:18 -0500 |
commit | 39c9aede2b4a252bd296c0a86be832c3d3d0a273 (patch) | |
tree | 2c802930511c40a6d150166a892e68f83fee9851 | |
parent | 1f29fae29709b4668979e244c09b2fa78ff1ad59 (diff) |
SELinux: Use unknown perm handling to handle unknown netlink msg types
Currently when SELinux has not been updated to handle a netlink message
type the operation is denied with EINVAL. This patch will leave the
audit/warning message so things get fixed but if policy chose to allow
unknowns this will allow the netlink operation.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f71de5a64d0c..7fd4de46b2a9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -4395,7 +4395,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
4395 | "SELinux: unrecognized netlink message" | 4395 | "SELinux: unrecognized netlink message" |
4396 | " type=%hu for sclass=%hu\n", | 4396 | " type=%hu for sclass=%hu\n", |
4397 | nlh->nlmsg_type, isec->sclass); | 4397 | nlh->nlmsg_type, isec->sclass); |
4398 | if (!selinux_enforcing) | 4398 | if (!selinux_enforcing || security_get_allow_unknown()) |
4399 | err = 0; | 4399 | err = 0; |
4400 | } | 4400 | } |
4401 | 4401 | ||
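Review bot: At line 4398, `security_get_allow_unknown()` now clears `err` even in enforcing mode, but the printk just above it ("SELinux: unrecognized netlink message type=%hu for sclass=%hu") reads the same whether the message was then rejected or let through, so a reader of the log cannot tell which happened. Consider adding the outcome to the message (for example an allowed/denied field derived from the same condition as the `if`), and a short comment above the `if` noting that on this path no permission is checked for the unmapped type, so the policy's allow-unknown setting alone decides the result.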