SELinux: Add warning messages on network denial due to error Currently network traffic can be sliently dropped due to non-avc errors which can lead to much confusion when trying to debug the problem. This patch adds warning messages so that when these events occur there is a user visible notification. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 71f1cb05f773661b6fa98c7a635d7a395cd9c55d [log] [tgz]
author: Paul Moore <paul.moore@hp.com> Tue Jan 29 08:51:16 2008 -0500
committer: James Morris <jmorris@namei.org> Wed Jan 30 08:17:30 2008 +1100
tree: a540f89c5d1d081ea2c09105f264adce44d92fa9
parent: effad8df44261031a882e1a895415f7186a5098e [diff] [blame]
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 49c5277..f3c526f 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c

@@ -264,8 +264,12 @@
 
 out:
 	spin_unlock_bh(&sel_netnode_lock);
-	if (ret != 0)
+	if (unlikely(ret)) {
+		printk(KERN_WARNING
+		       "SELinux: failure in sel_netnode_sid_slow(),"
+		       " unable to determine network node label\n");
 		kfree(new);
+	}
 	return ret;
 }
commit	71f1cb05f773661b6fa98c7a635d7a395cd9c55d	[log] [tgz]
author	Paul Moore <paul.moore@hp.com>	Tue Jan 29 08:51:16 2008 -0500
committer	James Morris <jmorris@namei.org>	Wed Jan 30 08:17:30 2008 +1100
tree	a540f89c5d1d081ea2c09105f264adce44d92fa9
parent	effad8df44261031a882e1a895415f7186a5098e [diff] [blame]