diff options
| author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:51:16 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:30 -0500 |
| commit | 71f1cb05f773661b6fa98c7a635d7a395cd9c55d (patch) | |
| tree | a540f89c5d1d081ea2c09105f264adce44d92fa9 /security/selinux/netnode.c | |
| parent | effad8df44261031a882e1a895415f7186a5098e (diff) | |
SELinux: Add warning messages on network denial due to error
Currently network traffic can be sliently dropped due to non-avc errors which
can lead to much confusion when trying to debug the problem. This patch adds
warning messages so that when these events occur there is a user visible
notification.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/netnode.c')
| -rw-r--r-- | security/selinux/netnode.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 49c527799240..f3c526f2cacb 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c | |||
| @@ -264,8 +264,12 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid) | |||
| 264 | 264 | ||
| 265 | out: | 265 | out: |
| 266 | spin_unlock_bh(&sel_netnode_lock); | 266 | spin_unlock_bh(&sel_netnode_lock); |
| 267 | if (ret != 0) | 267 | if (unlikely(ret)) { |
| 268 | printk(KERN_WARNING | ||
| 269 | "SELinux: failure in sel_netnode_sid_slow()," | ||
| 270 | " unable to determine network node label\n"); | ||
| 268 | kfree(new); | 271 | kfree(new); |
| 272 | } | ||
| 269 | return ret; | 273 | return ret; |
| 270 | } | 274 | } |
| 271 | 275 | ||