Reassign printk levels in selinux kernel code

Below is a patch which demotes many printk lines to KERN_DEBUG from KERN_INFO. It should help stop the spamming of logs with messages in which users are not interested nor is there any action that users should take. It also promotes some KERN_INFO to KERN_ERR such as when there are improper attempts to register/unregister security modules. A similar patch was discussed a while back on list: http://marc.theaimsgroup.com/?t=116656343500003&r=1&w=2 This patch addresses almost all of the issues raised. I believe the only advice not taken was in the demoting of messages related to undefined permissions and classes. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> security/selinux/hooks.c | 20 ++++++++++---------- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/policydb.c | 6 +++--- security/selinux/ss/sidtab.c | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) Signed-off-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@parisplace.org> 2007-02-22 18:11:31 -0500
committer: James Morris <jmorris@namei.org> 2007-02-26 14:43:07 -0500
commit: fadcdb451632d32d7c0d4c71df9ac2d3b7ae2348 (patch)
tree: 51e411452a4aa05bb5150d4d670324badf1a4bd0 /security
parent: 9654640d0af8f2de40ff3807d3695109d3463f54 (diff)
4 files changed, 17 insertions, 17 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b1ac22d23195..19a385e9968e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -653,11 +653,11 @@ static int superblock_doinit(struct super_block *sb, void *data)
        sbsec->initialized = 1;
        if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
-                printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+                printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
                       sb->s_id, sb->s_type->name);
        }
        else {
-                printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
+                printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
                       sb->s_id, sb->s_type->name,
                       labeling_behaviors[sbsec->behavior-1]);
        }
@@ -4434,7 +4434,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 static int selinux_register_security (const char *name, struct security_operations *ops)
 {
        if (secondary_ops != original_ops) {
-                printk(KERN_INFO "%s:  There is already a secondary security "
+                printk(KERN_ERR "%s:  There is already a secondary security "
                       "module registered.\n", __FUNCTION__);
                return -EINVAL;
        }
@@ -4451,7 +4451,7 @@ static int selinux_register_security (const char *name, struct security_operatio
 static int selinux_unregister_security (const char *name, struct security_operations *ops)
 {
        if (ops != secondary_ops) {
-                printk (KERN_INFO "%s:  trying to unregister a security module "
+                printk(KERN_ERR "%s:  trying to unregister a security module "
                        "that is not registered.\n", __FUNCTION__);
                return -EINVAL;
        }
@@ -4889,9 +4889,9 @@ static __init int selinux_init(void)
                panic("SELinux: Unable to register with kernel.\n");
        if (selinux_enforcing) {
-                printk(KERN_INFO "SELinux:  Starting in enforcing mode\n");
+                printk(KERN_DEBUG "SELinux:  Starting in enforcing mode\n");
        } else {
-                printk(KERN_INFO "SELinux:  Starting in permissive mode\n");
+                printk(KERN_DEBUG "SELinux:  Starting in permissive mode\n");
        }
 #ifdef CONFIG_KEYS
@@ -4907,10 +4907,10 @@ static __init int selinux_init(void)
 void selinux_complete_init(void)
 {
-        printk(KERN_INFO "SELinux:  Completing initialization.\n");
+        printk(KERN_DEBUG "SELinux:  Completing initialization.\n");
        /* Set up any superblocks initialized prior to the policy load. */
-        printk(KERN_INFO "SELinux:  Setting up existing superblocks.\n");
+        printk(KERN_DEBUG "SELinux:  Setting up existing superblocks.\n");
        spin_lock(&sb_lock);
        spin_lock(&sb_security_lock);
 next_sb:
@@ -4968,9 +4968,9 @@ static int __init selinux_nf_ip_init(void)
        if (!selinux_enabled)
                goto out;
-                
-        printk(KERN_INFO "SELinux:  Registering netfilter hooks\n");
+        printk(KERN_DEBUG "SELinux:  Registering netfilter hooks\n");
-        
        err = nf_register_hook(&selinux_ipv4_op);
        if (err)
                panic("SELinux: nf_register_hook for IPv4: error %d\n", err);
@@ -4992,7 +4992,7 @@ __initcall(selinux_nf_ip_init);
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 static void selinux_nf_ip_exit(void)
 {
-        printk(KERN_INFO "SELinux:  Unregistering netfilter hooks\n");
+        printk(KERN_DEBUG "SELinux:  Unregistering netfilter hooks\n");
        nf_unregister_hook(&selinux_ipv4_op);
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 9142073319c0..3122908afdc1 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -277,7 +277,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
                }
        }
-        printk(KERN_INFO "%s:  %d entries and %d/%d buckets used, longest "
+        printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, longest "
               "chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE,
               max_chain_len);
 }
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index cd79c6338aa0..0ac1021734c0 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -374,7 +374,7 @@ static void symtab_hash_eval(struct symtab *s)
                struct hashtab_info info;
                hashtab_stat(h, &info);
-                printk(KERN_INFO "%s:  %d entries and %d/%d buckets used, "
+                printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, "
                       "longest chain length %d\n", symtab_name[i], h->nel,
                       info.slots_used, h->size, info.max_chain_len);
        }
@@ -391,14 +391,14 @@ static int policydb_index_others(struct policydb *p)
 {
        int i, rc = 0;
-        printk(KERN_INFO "security:  %d users, %d roles, %d types, %d bools",
+        printk(KERN_DEBUG "security:  %d users, %d roles, %d types, %d bools",
               p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
        if (selinux_mls_enabled)
                printk(", %d sens, %d cats", p->p_levels.nprim,
                       p->p_cats.nprim);
        printk("\n");
-        printk(KERN_INFO "security:  %d classes, %d rules\n",
+        printk(KERN_DEBUG "security:  %d classes, %d rules\n",
               p->p_classes.nprim, p->te_avtab.nel);
 #ifdef DEBUG_HASHES
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index d78f9ff30da9..53a54a77f1f8 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -253,7 +253,7 @@ void sidtab_hash_eval(struct sidtab *h, char *tag)
                }
        }
-        printk(KERN_INFO "%s:  %d entries and %d/%d buckets used, longest "
+        printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, longest "
               "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
               max_chain_len);
 }
author	Eric Paris <eparis@parisplace.org>	2007-02-22 18:11:31 -0500
committer	James Morris <jmorris@namei.org>	2007-02-26 14:43:07 -0500
commit	fadcdb451632d32d7c0d4c71df9ac2d3b7ae2348 (patch)
tree	51e411452a4aa05bb5150d4d670324badf1a4bd0 /security
parent	9654640d0af8f2de40ff3807d3695109d3463f54 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b1ac22d23195..19a385e9968e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -653,11 +653,11 @@ static int superblock_doinit(struct super_block sb, void data)
653	sbsec->initialized = 1;	653	sbsec->initialized = 1;
654		654
655	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {	655	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
656	printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",	656	printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
657	sb->s_id, sb->s_type->name);	657	sb->s_id, sb->s_type->name);
658	}	658	}
659	else {	659	else {
660	printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",	660	printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
661	sb->s_id, sb->s_type->name,	661	sb->s_id, sb->s_type->name,
662	labeling_behaviors[sbsec->behavior-1]);	662	labeling_behaviors[sbsec->behavior-1]);
663	}	663	}
@@ -4434,7 +4434,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4434	static int selinux_register_security (const char name, struct security_operations ops)	4434	static int selinux_register_security (const char name, struct security_operations ops)
4435	{	4435	{
4436	if (secondary_ops != original_ops) {	4436	if (secondary_ops != original_ops) {
4437	printk(KERN_INFO "%s: There is already a secondary security "	4437	printk(KERN_ERR "%s: There is already a secondary security "
4438	"module registered.\n", __FUNCTION__);	4438	"module registered.\n", __FUNCTION__);
4439	return -EINVAL;	4439	return -EINVAL;
4440	}	4440	}
@@ -4451,7 +4451,7 @@ static int selinux_register_security (const char *name, struct security_operatio
4451	static int selinux_unregister_security (const char name, struct security_operations ops)	4451	static int selinux_unregister_security (const char name, struct security_operations ops)
4452	{	4452	{
4453	if (ops != secondary_ops) {	4453	if (ops != secondary_ops) {
4454	printk (KERN_INFO "%s: trying to unregister a security module "	4454	printk(KERN_ERR "%s: trying to unregister a security module "
4455	"that is not registered.\n", __FUNCTION__);	4455	"that is not registered.\n", __FUNCTION__);
4456	return -EINVAL;	4456	return -EINVAL;
4457	}	4457	}
@@ -4889,9 +4889,9 @@ static __init int selinux_init(void)
4889	panic("SELinux: Unable to register with kernel.\n");	4889	panic("SELinux: Unable to register with kernel.\n");
4890		4890
4891	if (selinux_enforcing) {	4891	if (selinux_enforcing) {
4892	printk(KERN_INFO "SELinux: Starting in enforcing mode\n");	4892	printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
4893	} else {	4893	} else {
4894	printk(KERN_INFO "SELinux: Starting in permissive mode\n");	4894	printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
4895	}	4895	}
4896		4896
4897	#ifdef CONFIG_KEYS	4897	#ifdef CONFIG_KEYS
@@ -4907,10 +4907,10 @@ static __init int selinux_init(void)
4907		4907
4908	void selinux_complete_init(void)	4908	void selinux_complete_init(void)
4909	{	4909	{
4910	printk(KERN_INFO "SELinux: Completing initialization.\n");	4910	printk(KERN_DEBUG "SELinux: Completing initialization.\n");
4911		4911
4912	/* Set up any superblocks initialized prior to the policy load. */	4912	/* Set up any superblocks initialized prior to the policy load. */
4913	printk(KERN_INFO "SELinux: Setting up existing superblocks.\n");	4913	printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
4914	spin_lock(&sb_lock);	4914	spin_lock(&sb_lock);
4915	spin_lock(&sb_security_lock);	4915	spin_lock(&sb_security_lock);
4916	next_sb:	4916	next_sb:
@@ -4968,9 +4968,9 @@ static int __init selinux_nf_ip_init(void)
4968		4968
4969	if (!selinux_enabled)	4969	if (!selinux_enabled)
4970	goto out;	4970	goto out;
4971		4971
4972	printk(KERN_INFO "SELinux: Registering netfilter hooks\n");	4972	printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
4973		4973
4974	err = nf_register_hook(&selinux_ipv4_op);	4974	err = nf_register_hook(&selinux_ipv4_op);
4975	if (err)	4975	if (err)
4976	panic("SELinux: nf_register_hook for IPv4: error %d\n", err);	4976	panic("SELinux: nf_register_hook for IPv4: error %d\n", err);
@@ -4992,7 +4992,7 @@ __initcall(selinux_nf_ip_init);
4992	#ifdef CONFIG_SECURITY_SELINUX_DISABLE	4992	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
4993	static void selinux_nf_ip_exit(void)	4993	static void selinux_nf_ip_exit(void)
4994	{	4994	{
4995	printk(KERN_INFO "SELinux: Unregistering netfilter hooks\n");	4995	printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
4996		4996
4997	nf_unregister_hook(&selinux_ipv4_op);	4997	nf_unregister_hook(&selinux_ipv4_op);
4998	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	4998	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)


diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 9142073319c0..3122908afdc1 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c
@@ -277,7 +277,7 @@ void avtab_hash_eval(struct avtab h, char tag)
277	}	277	}
278	}	278	}
279		279
280	printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest "	280	printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
281	"chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE,	281	"chain length %d\n", tag, h->nel, slots_used, AVTAB_SIZE,
282	max_chain_len);	282	max_chain_len);
283	}	283	}


diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index cd79c6338aa0..0ac1021734c0 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c
@@ -374,7 +374,7 @@ static void symtab_hash_eval(struct symtab *s)
374	struct hashtab_info info;	374	struct hashtab_info info;
375		375
376	hashtab_stat(h, &info);	376	hashtab_stat(h, &info);
377	printk(KERN_INFO "%s: %d entries and %d/%d buckets used, "	377	printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, "
378	"longest chain length %d\n", symtab_name[i], h->nel,	378	"longest chain length %d\n", symtab_name[i], h->nel,
379	info.slots_used, h->size, info.max_chain_len);	379	info.slots_used, h->size, info.max_chain_len);
380	}	380	}
@@ -391,14 +391,14 @@ static int policydb_index_others(struct policydb *p)
391	{	391	{
392	int i, rc = 0;	392	int i, rc = 0;
393		393
394	printk(KERN_INFO "security: %d users, %d roles, %d types, %d bools",	394	printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools",
395	p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);	395	p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
396	if (selinux_mls_enabled)	396	if (selinux_mls_enabled)
397	printk(", %d sens, %d cats", p->p_levels.nprim,	397	printk(", %d sens, %d cats", p->p_levels.nprim,
398	p->p_cats.nprim);	398	p->p_cats.nprim);
399	printk("\n");	399	printk("\n");
400		400
401	printk(KERN_INFO "security: %d classes, %d rules\n",	401	printk(KERN_DEBUG "security: %d classes, %d rules\n",
402	p->p_classes.nprim, p->te_avtab.nel);	402	p->p_classes.nprim, p->te_avtab.nel);
403		403
404	#ifdef DEBUG_HASHES	404	#ifdef DEBUG_HASHES


diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index d78f9ff30da9..53a54a77f1f8 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c
@@ -253,7 +253,7 @@ void sidtab_hash_eval(struct sidtab h, char tag)
253	}	253	}
254	}	254	}
255		255
256	printk(KERN_INFO "%s: %d entries and %d/%d buckets used, longest "	256	printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
257	"chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,	257	"chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
258	max_chain_len);	258	max_chain_len);
259	}	259	}