Commit cded3fff authored Jun 04, 2015 by Marek Milkovic Committed by Paul Moore Jun 04, 2015

selinux: Print 'sclass' as string when unrecognized netlink message occurs



This prints the 'sclass' field as string instead of index in unrecognized netlink message.
The textual representation makes it easier to distinguish the right class.

Signed-off-by: Marek Milkovic <mmilkovi@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: 80-char width fixes]
Signed-off-by: Paul Moore <pmoore@redhat.com>

parent e6e29a4e

security/selinux/hooks.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -4713,8 +4713,9 @@ static int selinux_nlmsg_perm(struct sock sk, struct sk_buff skb)
		if (err == -EINVAL) {
		printk(KERN_WARNING
		"SELinux: unrecognized netlink message:"
		" protocol=%hu nlmsg_type=%hu sclass=%hu\n",
		sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
		" protocol=%hu nlmsg_type=%hu sclass=%s\n",
		sk->sk_protocol, nlh->nlmsg_type,
		secclass_map[sksec->sclass - 1].name);
		if (!selinux_enforcing \|\| security_get_allow_unknown())
		err = 0;
		}