Commit 39c9aede authored Nov 05, 2008 by Eric Paris Committed by James Morris Nov 09, 2008

SELinux: Use unknown perm handling to handle unknown netlink msg types



Currently when SELinux has not been updated to handle a netlink message
type the operation is denied with EINVAL.  This patch will leave the
audit/warning message so things get fixed but if policy chose to allow
unknowns this will allow the netlink operation.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

parent 1f29fae2

security/selinux/hooks.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -4395,7 +4395,7 @@ static int selinux_nlmsg_perm(struct sock sk, struct sk_buff skb)
		"SELinux: unrecognized netlink message"
		" type=%hu for sclass=%hu\n",
		nlh->nlmsg_type, isec->sclass);
		if (!selinux_enforcing)
		if (!selinux_enforcing \|\| security_get_allow_unknown())
		err = 0;
		}