author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:51:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:30 -0500 |
commit | 71f1cb05f773661b6fa98c7a635d7a395cd9c55d (patch) | |
tree | a540f89c5d1d081ea2c09105f264adce44d92fa9 /security/selinux/netif.c | |
parent | effad8df44261031a882e1a895415f7186a5098e (diff) |
SELinux: Add warning messages on network denial due to error
Currently network traffic can be silently dropped due to non-avc errors, which
can lead to much confusion when trying to debug the problem. This patch adds
warning messages so that when these events occur there is a user-visible
notification.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/netif.c')
-rw-r--r-- | security/selinux/netif.c | 13 |
1 files changed, 11 insertions, 2 deletions
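--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -157,8 +157,12 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid)
 * currently support containers */
 
 dev = dev_get_by_index(&init_net, ifindex);
-if (dev == NULL)
+if (unlikely(dev == NULL)) {
+printk(KERN_WARNING
+"SELinux: failure in sel_netif_sid_slow(),"
+" invalid network interface (%d)\n", ifindex);
 return -ENOENT;
+}
 
 spin_lock_bh(&sel_netif_lock);
 netif = sel_netif_find(ifindex);
@@ -184,8 +188,13 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid)
 out:
 spin_unlock_bh(&sel_netif_lock);
 dev_put(dev);
-if (ret != 0)
+if (unlikely(ret)) {
+printk(KERN_WARNING
+"SELinux: failure in sel_netif_sid_slow(),"
+" unable to determine network interface label (%d)\n",
+ifindex);
 kfree(new);
+}
 return ret;
 }
 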
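Review bot: Both new `printk(KERN_WARNING ...)` calls in sel_netif_sid_slow() are unthrottled, and this lookup sits on the network labeling path, so traffic that keeps reaching the `dev == NULL` branch or the `unlikely(ret)` branch could presumably flood the kernel log and bury other security messages. Guarding each call with a rate limit, e.g. `if (net_ratelimit()) printk(KERN_WARNING "SELinux: failure in sel_netif_sid_slow(), ...");`, keeps the diagnostic without letting packet volume drive log volume. The second message would also be easier to act on if it printed `ret` next to `ifindex`, since the `out:` label appears to be shared by more than one failure cause. The start of the function and the code between the two hunks are outside the visible lines, so how often callers reach these branches should be confirmed.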