Any process is able to send netlink messages with invalid types. Make the warning rate-limited to prevent too much log spam.
The warning is supposed to hel Reported-by: Florian Weimer <[email protected]> Signed-off-by: Vladis Dronov <[email protected]> --- security/selinux/hooks.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e4369d8..bf5010b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4787,10 +4787,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); if (err) { if (err == -EINVAL) { - printk(KERN_WARNING - "SELinux: unrecognized netlink message:" - " protocol=%hu nlmsg_type=%hu sclass=%s\n", - sk->sk_protocol, nlh->nlmsg_type, + pr_warn_ratelimited("SELinux: unrecognized netlink" + " message: protocol=%hu nlmsg_type=%hu" + " sclass=%s\n", sk->sk_protocol, nlh->nlmsg_type, secclass_map[sksec->sclass - 1].name); if (!selinux_enforcing || security_get_allow_unknown()) err = 0; -- -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
