SELinux: Add warning messages on network denial due to error Currently network traffic can be sliently dropped due to non-avc errors which can lead to much confusion when trying to debug the problem. This patch adds warning messages so that when these events occur there is a user visible notification. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 71f1cb05f773661b6fa98c7a635d7a395cd9c55d [log] [tgz]
author: Paul Moore <paul.moore@hp.com> Tue Jan 29 08:51:16 2008 -0500
committer: James Morris <jmorris@namei.org> Wed Jan 30 08:17:30 2008 +1100
tree: a540f89c5d1d081ea2c09105f264adce44d92fa9
parent: effad8df44261031a882e1a895415f7186a5098e [diff] [blame]
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index ee49a73..013d311 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c

@@ -157,8 +157,12 @@
 	 * currently support containers */
 
 	dev = dev_get_by_index(&init_net, ifindex);
-	if (dev == NULL)
+	if (unlikely(dev == NULL)) {
+		printk(KERN_WARNING
+		       "SELinux: failure in sel_netif_sid_slow(),"
+		       " invalid network interface (%d)\n", ifindex);
 		return -ENOENT;
+	}
 
 	spin_lock_bh(&sel_netif_lock);
 	netif = sel_netif_find(ifindex);
@@ -184,8 +188,13 @@
 out:
 	spin_unlock_bh(&sel_netif_lock);
 	dev_put(dev);
-	if (ret != 0)
+	if (unlikely(ret)) {
+		printk(KERN_WARNING
+		       "SELinux: failure in sel_netif_sid_slow(),"
+		       " unable to determine network interface label (%d)\n",
+		       ifindex);
 		kfree(new);
+	}
 	return ret;
 }
commit	71f1cb05f773661b6fa98c7a635d7a395cd9c55d	[log] [tgz]
author	Paul Moore <paul.moore@hp.com>	Tue Jan 29 08:51:16 2008 -0500
committer	James Morris <jmorris@namei.org>	Wed Jan 30 08:17:30 2008 +1100
tree	a540f89c5d1d081ea2c09105f264adce44d92fa9
parent	effad8df44261031a882e1a895415f7186a5098e [diff] [blame]