aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@parisplace.org>2007-02-22 18:11:31 -0500
committerJames Morris <jmorris@namei.org>2007-02-26 14:43:07 -0500
commitfadcdb451632d32d7c0d4c71df9ac2d3b7ae2348 (patch)
tree51e411452a4aa05bb5150d4d670324badf1a4bd0
parent9654640d0af8f2de40ff3807d3695109d3463f54 (diff)
Reassign printk levels in selinux kernel code
Below is a patch which demotes many printk lines to KERN_DEBUG from KERN_INFO. It should help stop the spamming of logs with messages in which users are not interested nor is there any action that users should take. It also promotes some KERN_INFO to KERN_ERR such as when there are improper attempts to register/unregister security modules. A similar patch was discussed a while back on list: http://marc.theaimsgroup.com/?t=116656343500003&r=1&w=2 This patch addresses almost all of the issues raised. I believe the only advice not taken was in the demoting of messages related to undefined permissions and classes. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> security/selinux/hooks.c | 20 ++++++++++---------- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/policydb.c | 6 +++--- security/selinux/ss/sidtab.c | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/hooks.c24
-rw-r--r--security/selinux/ss/avtab.c2
-rw-r--r--security/selinux/ss/policydb.c6
-rw-r--r--security/selinux/ss/sidtab.c2
4 files changed, 17 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b1ac22d23195..19a385e9968e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -653,11 +653,11 @@ static int superblock_doinit(struct super_block *sb, void *data)
653 sbsec->initialized = 1; 653 sbsec->initialized = 1;
654 654
655 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) { 655 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
656 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n", 656 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
657 sb->s_id, sb->s_type->name); 657 sb->s_id, sb->s_type->name);
658 } 658 }
659 else { 659 else {
660 printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n", 660 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
661 sb->s_id, sb->s_type->name, 661 sb->s_id, sb->s_type->name,
662 labeling_behaviors[sbsec->behavior-1]); 662 labeling_behaviors[sbsec->behavior-1]);
663 } 663 }
@@ -4434,7 +4434,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4434static int selinux_register_security (const char *name, struct security_operations *ops) 4434static int selinux_register_security (const char *name, struct security_operations *ops)
4435{ 4435{
4436 if (secondary_ops != original_ops) { 4436 if (secondary_ops != original_ops) {
4437 printk(KERN_INFO "%s: There is already a secondary security " 4437 printk(KERN_ERR "%s: There is already a secondary security "
4438 "module registered.\n", __FUNCTION__); 4438 "module registered.\n", __FUNCTION__);
4439 return -EINVAL; 4439 return -EINVAL;
4440 } 4440 }
@@ -4451,7 +4451,7 @@ static int selinux_register_security (const char *name, struct security_operatio
4451static int selinux_unregister_security (const char *name, struct security_operations *ops) 4451static int selinux_unregister_security (const char *name, struct security_operations *ops)
4452{ 4452{
4453 if (ops != secondary_ops) { 4453 if (ops != secondary_ops) {
4454 printk (KERN_INFO "%s: trying to unregister a security module " 4454 printk(KERN_ERR "%s: trying to unregister a security module "
4455 "that is not registered.\n", __FUNCTION__); 4455 "that is not registered.\n", __FUNCTION__);
4456 return -EINVAL; 4456 return -EINVAL;
4457 } 4457 }
@@ -4889,9 +4889,9 @@ static __init int selinux_init(void)
4889 panic("SELinux: Unable to register with kernel.\n"); 4889 panic("SELinux: Unable to register with kernel.\n");
4890 4890
4891 if (selinux_enforcing) { 4891 if (selinux_enforcing) {
4892 printk(KERN_INFO "SELinux: Starting in enforcing mode\n"); 4892 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
4893 } else { 4893 } else {
4894 printk(KERN_INFO "SELinux: Starting in permissive mode\n"); 4894 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
4895 } 4895 }
4896 4896
4897#ifdef CONFIG_KEYS 4897#ifdef CONFIG_KEYS
@@ -4907,10 +4907,10 @@ static __init int selinux_init(void)
4907 4907
4908void selinux_complete_init(void) 4908void selinux_complete_init(void)
4909{ 4909{
4910 printk(KERN_INFO "SELinux: Completing initialization.\n"); 4910 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
4911 4911
4912 /* Set up any superblocks initialized prior to the policy load. */ 4912 /* Set up any superblocks initialized prior to the policy load. */
4913 printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); 4913 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
4914 spin_lock(&sb_lock); 4914 spin_lock(&sb_lock);
4915 spin_lock(&sb_security_lock); 4915 spin_lock(&sb_security_lock);
4916next_sb: 4916next_sb:
@@ -4968,9 +4968,9 @@ static int __init selinux_nf_ip_init(void)
4968 4968
4969 if (!selinux_enabled) 4969 if (!selinux_enabled)
4970 goto out; 4970 goto out;
4971 4971
4972 printk(KERN_INFO "SELinux: Registering netfilter hooks\n"); 4972 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
4973 4973
4974 err = nf_register_hook(&selinux_ipv4_op); 4974 err = nf_register_hook(&selinux_ipv4_op);
4975 if (err) 4975 if (err)
4976 panic("SELinux: nf_register_hook for IPv4: error %d\n", err); 4976 panic("SELinux: nf_register_hook for IPv4: error %d\n", err);
@@ -4992,7 +4992,7 @@ __initcall(selinux_nf_ip_init);
4992#ifdef CONFIG_SECURITY_SELINUX_DISABLE 4992#ifdef CONFIG_SECURITY_SELINUX_DISABLE
4993static void selinux_nf_ip_exit(void) 4993static void selinux_nf_ip_exit(void)
4994{ 4994{
4995 printk(KERN_INFO "SELinux: Unregistering netfilter hooks\n"); 4995 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
4996 4996
4997 nf_unregister_hook(&selinux_ipv4_op); 4997 nf_unregister_hook(&selinux_ipv4_op);
4998#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 4998#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 9142073319c0..3122908afdc1 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -277,7 +277,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
277 } 277 }
278 } 278 }
279 279
280 printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest " 280 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
281 "chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE, 281 "chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE,
282 max_chain_len); 282 max_chain_len);
283} 283}
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index cd79c6338aa0..0ac1021734c0 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -374,7 +374,7 @@ static void symtab_hash_eval(struct symtab *s)
374 struct hashtab_info info; 374 struct hashtab_info info;
375 375
376 hashtab_stat(h, &info); 376 hashtab_stat(h, &info);
377 printk(KERN_INFO "%s: %d entries and %d/%d buckets used, " 377 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, "
378 "longest chain length %d\n", symtab_name[i], h->nel, 378 "longest chain length %d\n", symtab_name[i], h->nel,
379 info.slots_used, h->size, info.max_chain_len); 379 info.slots_used, h->size, info.max_chain_len);
380 } 380 }
@@ -391,14 +391,14 @@ static int policydb_index_others(struct policydb *p)
391{ 391{
392 int i, rc = 0; 392 int i, rc = 0;
393 393
394 printk(KERN_INFO "security: %d users, %d roles, %d types, %d bools", 394 printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools",
395 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 395 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
396 if (selinux_mls_enabled) 396 if (selinux_mls_enabled)
397 printk(", %d sens, %d cats", p->p_levels.nprim, 397 printk(", %d sens, %d cats", p->p_levels.nprim,
398 p->p_cats.nprim); 398 p->p_cats.nprim);
399 printk("\n"); 399 printk("\n");
400 400
401 printk(KERN_INFO "security: %d classes, %d rules\n", 401 printk(KERN_DEBUG "security: %d classes, %d rules\n",
402 p->p_classes.nprim, p->te_avtab.nel); 402 p->p_classes.nprim, p->te_avtab.nel);
403 403
404#ifdef DEBUG_HASHES 404#ifdef DEBUG_HASHES
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index d78f9ff30da9..53a54a77f1f8 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -253,7 +253,7 @@ void sidtab_hash_eval(struct sidtab *h, char *tag)
253 } 253 }
254 } 254 }
255 255
256 printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest " 256 printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
257 "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE, 257 "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
258 max_chain_len); 258 max_chain_len);
259} 259}