diff options
author | Eric Paris <eparis@parisplace.org> | 2007-02-22 18:11:31 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-02-26 14:43:07 -0500 |
commit | fadcdb451632d32d7c0d4c71df9ac2d3b7ae2348 (patch) | |
tree | 51e411452a4aa05bb5150d4d670324badf1a4bd0 /security/selinux | |
parent | 9654640d0af8f2de40ff3807d3695109d3463f54 (diff) |
Reassign printk levels in selinux kernel code
Below is a patch which demotes many printk lines to KERN_DEBUG from
KERN_INFO. It should help stop the spamming of logs with messages in
which users are not interested nor is there any action that users should
take. It also promotes some KERN_INFO to KERN_ERR such as when there
are improper attempts to register/unregister security modules.
A similar patch was discussed a while back on list:
http://marc.theaimsgroup.com/?t=116656343500003&r=1&w=2
This patch addresses almost all of the issues raised. I believe the
only advice not taken was in the demoting of messages related to
undefined permissions and classes.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
security/selinux/hooks.c | 20 ++++++++++----------
security/selinux/ss/avtab.c | 2 +-
security/selinux/ss/policydb.c | 6 +++---
security/selinux/ss/sidtab.c | 2 +-
4 files changed, 15 insertions(+), 15 deletions(-)
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 24 | ||||
-rw-r--r-- | security/selinux/ss/avtab.c | 2 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/sidtab.c | 2 |
4 files changed, 17 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b1ac22d23195..19a385e9968e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -653,11 +653,11 @@ static int superblock_doinit(struct super_block *sb, void *data) | |||
653 | sbsec->initialized = 1; | 653 | sbsec->initialized = 1; |
654 | 654 | ||
655 | if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) { | 655 | if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) { |
656 | printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n", | 656 | printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", |
657 | sb->s_id, sb->s_type->name); | 657 | sb->s_id, sb->s_type->name); |
658 | } | 658 | } |
659 | else { | 659 | else { |
660 | printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n", | 660 | printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", |
661 | sb->s_id, sb->s_type->name, | 661 | sb->s_id, sb->s_type->name, |
662 | labeling_behaviors[sbsec->behavior-1]); | 662 | labeling_behaviors[sbsec->behavior-1]); |
663 | } | 663 | } |
@@ -4434,7 +4434,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | |||
4434 | static int selinux_register_security (const char *name, struct security_operations *ops) | 4434 | static int selinux_register_security (const char *name, struct security_operations *ops) |
4435 | { | 4435 | { |
4436 | if (secondary_ops != original_ops) { | 4436 | if (secondary_ops != original_ops) { |
4437 | printk(KERN_INFO "%s: There is already a secondary security " | 4437 | printk(KERN_ERR "%s: There is already a secondary security " |
4438 | "module registered.\n", __FUNCTION__); | 4438 | "module registered.\n", __FUNCTION__); |
4439 | return -EINVAL; | 4439 | return -EINVAL; |
4440 | } | 4440 | } |
@@ -4451,7 +4451,7 @@ static int selinux_register_security (const char *name, struct security_operatio | |||
4451 | static int selinux_unregister_security (const char *name, struct security_operations *ops) | 4451 | static int selinux_unregister_security (const char *name, struct security_operations *ops) |
4452 | { | 4452 | { |
4453 | if (ops != secondary_ops) { | 4453 | if (ops != secondary_ops) { |
4454 | printk (KERN_INFO "%s: trying to unregister a security module " | 4454 | printk(KERN_ERR "%s: trying to unregister a security module " |
4455 | "that is not registered.\n", __FUNCTION__); | 4455 | "that is not registered.\n", __FUNCTION__); |
4456 | return -EINVAL; | 4456 | return -EINVAL; |
4457 | } | 4457 | } |
@@ -4889,9 +4889,9 @@ static __init int selinux_init(void) | |||
4889 | panic("SELinux: Unable to register with kernel.\n"); | 4889 | panic("SELinux: Unable to register with kernel.\n"); |
4890 | 4890 | ||
4891 | if (selinux_enforcing) { | 4891 | if (selinux_enforcing) { |
4892 | printk(KERN_INFO "SELinux: Starting in enforcing mode\n"); | 4892 | printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); |
4893 | } else { | 4893 | } else { |
4894 | printk(KERN_INFO "SELinux: Starting in permissive mode\n"); | 4894 | printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); |
4895 | } | 4895 | } |
4896 | 4896 | ||
4897 | #ifdef CONFIG_KEYS | 4897 | #ifdef CONFIG_KEYS |
@@ -4907,10 +4907,10 @@ static __init int selinux_init(void) | |||
4907 | 4907 | ||
4908 | void selinux_complete_init(void) | 4908 | void selinux_complete_init(void) |
4909 | { | 4909 | { |
4910 | printk(KERN_INFO "SELinux: Completing initialization.\n"); | 4910 | printk(KERN_DEBUG "SELinux: Completing initialization.\n"); |
4911 | 4911 | ||
4912 | /* Set up any superblocks initialized prior to the policy load. */ | 4912 | /* Set up any superblocks initialized prior to the policy load. */ |
4913 | printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); | 4913 | printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); |
4914 | spin_lock(&sb_lock); | 4914 | spin_lock(&sb_lock); |
4915 | spin_lock(&sb_security_lock); | 4915 | spin_lock(&sb_security_lock); |
4916 | next_sb: | 4916 | next_sb: |
@@ -4968,9 +4968,9 @@ static int __init selinux_nf_ip_init(void) | |||
4968 | 4968 | ||
4969 | if (!selinux_enabled) | 4969 | if (!selinux_enabled) |
4970 | goto out; | 4970 | goto out; |
4971 | 4971 | ||
4972 | printk(KERN_INFO "SELinux: Registering netfilter hooks\n"); | 4972 | printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); |
4973 | 4973 | ||
4974 | err = nf_register_hook(&selinux_ipv4_op); | 4974 | err = nf_register_hook(&selinux_ipv4_op); |
4975 | if (err) | 4975 | if (err) |
4976 | panic("SELinux: nf_register_hook for IPv4: error %d\n", err); | 4976 | panic("SELinux: nf_register_hook for IPv4: error %d\n", err); |
@@ -4992,7 +4992,7 @@ __initcall(selinux_nf_ip_init); | |||
4992 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE | 4992 | #ifdef CONFIG_SECURITY_SELINUX_DISABLE |
4993 | static void selinux_nf_ip_exit(void) | 4993 | static void selinux_nf_ip_exit(void) |
4994 | { | 4994 | { |
4995 | printk(KERN_INFO "SELinux: Unregistering netfilter hooks\n"); | 4995 | printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); |
4996 | 4996 | ||
4997 | nf_unregister_hook(&selinux_ipv4_op); | 4997 | nf_unregister_hook(&selinux_ipv4_op); |
4998 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 4998 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 9142073319c0..3122908afdc1 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c | |||
@@ -277,7 +277,7 @@ void avtab_hash_eval(struct avtab *h, char *tag) | |||
277 | } | 277 | } |
278 | } | 278 | } |
279 | 279 | ||
280 | printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest " | 280 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest " |
281 | "chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE, | 281 | "chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE, |
282 | max_chain_len); | 282 | max_chain_len); |
283 | } | 283 | } |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index cd79c6338aa0..0ac1021734c0 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -374,7 +374,7 @@ static void symtab_hash_eval(struct symtab *s) | |||
374 | struct hashtab_info info; | 374 | struct hashtab_info info; |
375 | 375 | ||
376 | hashtab_stat(h, &info); | 376 | hashtab_stat(h, &info); |
377 | printk(KERN_INFO "%s: %d entries and %d/%d buckets used, " | 377 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " |
378 | "longest chain length %d\n", symtab_name[i], h->nel, | 378 | "longest chain length %d\n", symtab_name[i], h->nel, |
379 | info.slots_used, h->size, info.max_chain_len); | 379 | info.slots_used, h->size, info.max_chain_len); |
380 | } | 380 | } |
@@ -391,14 +391,14 @@ static int policydb_index_others(struct policydb *p) | |||
391 | { | 391 | { |
392 | int i, rc = 0; | 392 | int i, rc = 0; |
393 | 393 | ||
394 | printk(KERN_INFO "security: %d users, %d roles, %d types, %d bools", | 394 | printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", |
395 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); | 395 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); |
396 | if (selinux_mls_enabled) | 396 | if (selinux_mls_enabled) |
397 | printk(", %d sens, %d cats", p->p_levels.nprim, | 397 | printk(", %d sens, %d cats", p->p_levels.nprim, |
398 | p->p_cats.nprim); | 398 | p->p_cats.nprim); |
399 | printk("\n"); | 399 | printk("\n"); |
400 | 400 | ||
401 | printk(KERN_INFO "security: %d classes, %d rules\n", | 401 | printk(KERN_DEBUG "security: %d classes, %d rules\n", |
402 | p->p_classes.nprim, p->te_avtab.nel); | 402 | p->p_classes.nprim, p->te_avtab.nel); |
403 | 403 | ||
404 | #ifdef DEBUG_HASHES | 404 | #ifdef DEBUG_HASHES |
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index d78f9ff30da9..53a54a77f1f8 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c | |||
@@ -253,7 +253,7 @@ void sidtab_hash_eval(struct sidtab *h, char *tag) | |||
253 | } | 253 | } |
254 | } | 254 | } |
255 | 255 | ||
256 | printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest " | 256 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest " |
257 | "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE, | 257 | "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE, |
258 | max_chain_len); | 258 | max_chain_len); |
259 | } | 259 | } |