ChangeSet 1.2231.1.18, 2005/03/28 19:21:10-08:00, [EMAIL PROTECTED]

        [PATCH] SELinux: audit unrecognized netlink messages
        
        This patch changes SELinux to audit any unrecognized netlink messages in
        controlled classes rather than silently rejecting them, and to allow them
        if in permissive mode.  Please apply.
        
        Signed-off-by: Stephen Smalley <[EMAIL PROTECTED]>
        Signed-off-by: James Morris <[EMAIL PROTECTED]>
        Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
        Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>



 hooks.c |   10 ++++++++++
 1 files changed, 10 insertions(+)


diff -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c
--- a/security/selinux/hooks.c  2005-03-28 21:10:23 -08:00
+++ b/security/selinux/hooks.c  2005-03-28 21:10:23 -08:00
@@ -67,6 +67,7 @@
 #include <linux/hugetlb.h>
 #include <linux/personality.h>
 #include <linux/sysctl.h>
+#include <linux/audit.h>
 
 #include "avc.h"
 #include "objsec.h"
@@ -3385,6 +3386,15 @@
        
        err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
        if (err) {
+               if (err == -EINVAL) {
+                       audit_log(current->audit_context,
+                                 "SELinux:  unrecognized netlink message"
+                                 " type=%hu for sclass=%hu\n",
+                                 nlh->nlmsg_type, isec->sclass);
+                       if (!selinux_enforcing)
+                               err = 0;
+               }
+
                /* Ignore */
                if (err == -ENOENT)
                        err = 0;
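Review bot: The new audit record in the `err == -EINVAL` branch names the message type and socket class but nothing about the sender, so it can only be attributed when a syscall audit context happens to be attached to `current`. Consider extending the format to `" type=%hu for sclass=%hu pid=%d comm=%s\n"` and passing `current->pid, current->comm`, so the record stands on its own during triage. Every unrecognized message from a local sender also produces one record, and the hunk adds no rate limit of its own. It is worth confirming that the audit subsystem's limits are enough to stop a process from crowding out other records. The enclosing function starts and ends outside the hunk, so the later use of `err` is not visible here.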