diff options
author | Paul Moore <paul.moore@hp.com> | 2008-01-29 14:51:16 +0100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 22:17:30 +0100 |
commit | 71f1cb05f773661b6fa98c7a635d7a395cd9c55d (patch) | |
tree | a540f89c5d1d081ea2c09105f264adce44d92fa9 /security/selinux/netif.c | |
parent | SELinux: Add network ingress and egress control permission checks (diff) | |
download | linux-71f1cb05f773661b6fa98c7a635d7a395cd9c55d.tar.xz linux-71f1cb05f773661b6fa98c7a635d7a395cd9c55d.zip |
SELinux: Add warning messages on network denial due to error
Currently network traffic can be sliently dropped due to non-avc errors which
can lead to much confusion when trying to debug the problem. This patch adds
warning messages so that when these events occur there is a user visible
notification.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/netif.c')
-rw-r--r-- | security/selinux/netif.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/security/selinux/netif.c b/security/selinux/netif.c index ee49a7382875..013d3117a86b 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -157,8 +157,12 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid) * currently support containers */ dev = dev_get_by_index(&init_net, ifindex); - if (dev == NULL) + if (unlikely(dev == NULL)) { + printk(KERN_WARNING + "SELinux: failure in sel_netif_sid_slow()," + " invalid network interface (%d)\n", ifindex); return -ENOENT; + } spin_lock_bh(&sel_netif_lock); netif = sel_netif_find(ifindex); @@ -184,8 +188,13 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid) out: spin_unlock_bh(&sel_netif_lock); dev_put(dev); - if (ret != 0) + if (unlikely(ret)) { + printk(KERN_WARNING + "SELinux: failure in sel_netif_sid_slow()," + " unable to determine network interface label (%d)\n", + ifindex); kfree(new); + } return ret; } |