Re: [PATCH] selinux: hooks: cleanup orphan keywords in audit log text

2014-09-22 Thread Paul Moore
On Thursday, September 18, 2014 08:50:17 PM Richard Guy Briggs wrote:
 Convert audit_log() call to WARN_ONCE().

 Rename type= to nlmsg_type= to avoid confusion with the audit record
 type.
 
 Added protocol= to help track down which protocol (NETLINK_AUDIT?) was
 used within the netlink protocol family.
 
 Signed-off-by: Richard Guy Briggs r...@redhat.com
 ---
  security/selinux/hooks.c |7 +++
  1 files changed, 3 insertions(+), 4 deletions(-)

I rewrote the patch subject line as it doesn't really make much sense given 
the changes made by the patch, but other than that it looks fine to me.

Applied.
 
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
 index 83d06db..28ec61c 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
 @@ -4681,10 +4681,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct
 sk_buff *skb) err = selinux_nlmsg_lookup(sksec-sclass, nlh-nlmsg_type,
 perm); if (err) {
   if (err == -EINVAL) {
 - audit_log(current-audit_context, GFP_KERNEL, 
AUDIT_SELINUX_ERR,
 -   SELinux:  unrecognized netlink message
 -type=%hu for sclass=%hu\n,
 -   nlh-nlmsg_type, sksec-sclass);
 + WARN_ONCE(1, selinux_nlmsg_perm: unrecognized netlink 
message:
 +protocol=%hu nlmsg_type=%hu sclass=%hu\n,
 +   sk-sk_protocol, nlh-nlmsg_type, 
 sksec-sclass);
   if (!selinux_enforcing || security_get_allow_unknown())
   err = 0;
   }
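Review bot: WARN_ONCE(1, ...) in the -EINVAL branch reports only the first unrecognized message after boot, so later messages with a different protocol=, nlmsg_type= or sclass= value leave no trace. The AUDIT_SELINUX_ERR record that the removed audit_log() call produced is also gone. Since the added protocol= field is meant to help track down which netlink protocol is involved, a rate-limited warning, or an audit record kept alongside the warning, would preserve those values for each occurrence. The commit message should also say why the audit record is being dropped rather than only reworded.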

-- 
paul moore
security and virtualization @ redhat

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


Re: [PATCH] selinux: hooks: cleanup orphan keywords in audit log text

2014-09-22 Thread Richard Guy Briggs
On 14/09/22, Paul Moore wrote:
 On Thursday, September 18, 2014 08:50:17 PM Richard Guy Briggs wrote:
  Convert audit_log() call to WARN_ONCE().
 
  Rename type= to nlmsg_type= to avoid confusion with the audit record
  type.
  
  Added protocol= to help track down which protocol (NETLINK_AUDIT?) was
  used within the netlink protocol family.
  
  Signed-off-by: Richard Guy Briggs r...@redhat.com
  ---
   security/selinux/hooks.c |7 +++
   1 files changed, 3 insertions(+), 4 deletions(-)
 
 I rewrote the patch subject line as it doesn't really make much sense given 
 the changes made by the patch, but other than that it looks fine to me.

Fair enough.  What's the new patch subject line?

 Applied.

Thanks.

  diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
  index 83d06db..28ec61c 100644
  --- a/security/selinux/hooks.c
  +++ b/security/selinux/hooks.c
  @@ -4681,10 +4681,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct
  sk_buff *skb) err = selinux_nlmsg_lookup(sksec-sclass, nlh-nlmsg_type,
  perm); if (err) {
  if (err == -EINVAL) {
  -   audit_log(current-audit_context, GFP_KERNEL, 
 AUDIT_SELINUX_ERR,
  - SELinux:  unrecognized netlink message
  -  type=%hu for sclass=%hu\n,
  - nlh-nlmsg_type, sksec-sclass);
  +   WARN_ONCE(1, selinux_nlmsg_perm: unrecognized netlink 
 message:
  +  protocol=%hu nlmsg_type=%hu sclass=%hu\n,
  + sk-sk_protocol, nlh-nlmsg_type, 
  sksec-sclass);
  if (!selinux_enforcing || security_get_allow_unknown())
  err = 0;
  }
 
 paul moore

- RGB

--
Richard Guy Briggs rbri...@redhat.com
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545



Re: [PATCH] selinux: hooks: cleanup orphan keywords in audit log text

2014-09-22 Thread Paul Moore
On Monday, September 22, 2014 04:59:39 PM Richard Guy Briggs wrote:
 On 14/09/22, Paul Moore wrote:
  On Thursday, September 18, 2014 08:50:17 PM Richard Guy Briggs wrote:
   Convert audit_log() call to WARN_ONCE().
   
   Rename type= to nlmsg_type= to avoid confusion with the audit record
   type.
   
   Added protocol= to help track down which protocol (NETLINK_AUDIT?) was
   used within the netlink protocol family.
   
   Signed-off-by: Richard Guy Briggs r...@redhat.com
   ---
   
    security/selinux/hooks.c |7 +++
    1 files changed, 3 insertions(+), 4 deletions(-)
  
  I rewrote the patch subject line as it doesn't really make much sense given
  the changes made by the patch, but other than that it looks fine to me.
 
 Fair enough.  What's the new patch subject line?

Both your SELinux patches are now in the SELinux next branch.

See commit e173fb2646a832b424c80904c306b816760ce477, selinux: cleanup error 
reporting in selinux_nlmsg_perm().

-- 
paul moore
security and virtualization @ redhat
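
The confusion that the rename from type= to nlmsg_type= avoids, shown as an added Python example (not code from this thread or from the kernel): a last-one-wins key=value parser run over the old message text loses the audit record type. The record header, the numeric values and the helper names are constructed for illustration, and the renamed text is placed on the same header only to isolate the effect of the field names, since the patch itself moves the message to WARN_ONCE().

```python
import re
from collections import Counter

# key=value tokens as an ad-hoc log pipeline would split them
# (assumption: whitespace-delimited pairs, no quoting).
PAIR = re.compile(r"(\w+)=(\S+)")

def naive_fields(line):
    """Last-one-wins dict parse: a repeated key overwrites the earlier one."""
    return dict(PAIR.findall(line))

def duplicate_keys(line):
    """Keys that occur more than once in a single record, sorted."""
    counts = Counter(key for key, _ in PAIR.findall(line))
    return sorted(key for key, n in counts.items() if n > 1)

def record_type(line):
    """Position-aware parse: the record type is the first field on the line."""
    m = re.match(r"type=(\S+)", line)
    return m.group(1) if m else None

# Constructed record header (timestamp and serial are made up).
HEADER = "type=SELINUX_ERR msg=audit(1411000000.000:42): "

# Message texts follow the two format strings in the patch; values are made up.
OLD = HEADER + "SELinux:  unrecognized netlink message type=4242 for sclass=43"
NEW = HEADER + ("unrecognized netlink message: "
                "protocol=9 nlmsg_type=4242 sclass=43")

def report(line):
    """Summarise how each parsing strategy sees one record."""
    return {
        "naive_type": naive_fields(line).get("type"),
        "record_type": record_type(line),
        "duplicates": duplicate_keys(line),
    }

if __name__ == "__main__":
    for name, line in (("old", OLD), ("new", NEW)):
        print(name, report(line))
```
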
