summaryrefslogtreecommitdiffstats
path: root/security/selinux/netif.c
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-01-29 14:51:16 +0100
committerJames Morris <jmorris@namei.org>2008-01-29 22:17:30 +0100
commit71f1cb05f773661b6fa98c7a635d7a395cd9c55d (patch)
treea540f89c5d1d081ea2c09105f264adce44d92fa9 /security/selinux/netif.c
parentSELinux: Add network ingress and egress control permission checks (diff)
downloadlinux-71f1cb05f773661b6fa98c7a635d7a395cd9c55d.tar.xz
linux-71f1cb05f773661b6fa98c7a635d7a395cd9c55d.zip
SELinux: Add warning messages on network denial due to error
Currently network traffic can be sliently dropped due to non-avc errors which can lead to much confusion when trying to debug the problem. This patch adds warning messages so that when these events occur there is a user visible notification. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/netif.c')
-rw-r--r--security/selinux/netif.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index ee49a7382875..013d3117a86b 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -157,8 +157,12 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid)
* currently support containers */
dev = dev_get_by_index(&init_net, ifindex);
- if (dev == NULL)
+ if (unlikely(dev == NULL)) {
+ printk(KERN_WARNING
+ "SELinux: failure in sel_netif_sid_slow(),"
+ " invalid network interface (%d)\n", ifindex);
return -ENOENT;
+ }
spin_lock_bh(&sel_netif_lock);
netif = sel_netif_find(ifindex);
@@ -184,8 +188,13 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid)
out:
spin_unlock_bh(&sel_netif_lock);
dev_put(dev);
- if (ret != 0)
+ if (unlikely(ret)) {
+ printk(KERN_WARNING
+ "SELinux: failure in sel_netif_sid_slow(),"
+ " unable to determine network interface label (%d)\n",
+ ifindex);
kfree(new);
+ }
return ret;
}