lockdown: ratelimit denial messages
User space can flood the log with lockdown denial messages: [ 662.555584] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.563237] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.571134] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.578668] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.586021] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.593398] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 Ratelimiting these shouldn't meaningfully degrade the quality of the information logged. Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
abec3d015f
commit
1e7d8bcbe3
|
@ -63,7 +63,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
|
|||
|
||||
if (kernel_locked_down >= what) {
|
||||
if (lockdown_reasons[what])
|
||||
pr_notice("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
|
||||
pr_notice_ratelimited("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
|
||||
current->comm, lockdown_reasons[what]);
|
||||
return -EPERM;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue