aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-11-05 09:34:42 -0500
committerJames Morris <jmorris@namei.org>2008-11-08 18:33:18 -0500
commit39c9aede2b4a252bd296c0a86be832c3d3d0a273 (patch)
tree2c802930511c40a6d150166a892e68f83fee9851
parent1f29fae29709b4668979e244c09b2fa78ff1ad59 (diff)
SELinux: Use unknown perm handling to handle unknown netlink msg types
Currently when SELinux has not been updated to handle a netlink message type the operation is denied with EINVAL. This patch will leave the audit/warning message so things get fixed but if policy chose to allow unknowns this will allow the netlink operation. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/hooks.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f71de5a64d0c..7fd4de46b2a9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4395,7 +4395,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4395 "SELinux: unrecognized netlink message" 4395 "SELinux: unrecognized netlink message"
4396 " type=%hu for sclass=%hu\n", 4396 " type=%hu for sclass=%hu\n",
4397 nlh->nlmsg_type, isec->sclass); 4397 nlh->nlmsg_type, isec->sclass);
4398 if (!selinux_enforcing) 4398 if (!selinux_enforcing || security_get_allow_unknown())
4399 err = 0; 4399 err = 0;
4400 } 4400 }
4401 4401