SELinux: better printk when file with invalid label found
Currently when an inode is read into the kernel with an invalid label string (can often happen with removable media) we output a string like: SELinux: inode_doinit_with_dentry: context_to_sid([SOME INVALID LABEL]) returned -22 for dev=[blah] ino=[blah] Which is all but incomprehensible to all but a couple of us. Instead, on EINVAL only, I plan to output a much more user-friendly string and I plan to ratelimit the printk since many of these could be generated very rapidly. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
parent
200ac532a4
commit
4ba0a8ad63
|
@ -1315,10 +1315,19 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
|||
sbsec->def_sid,
|
||||
GFP_NOFS);
|
||||
if (rc) {
|
||||
printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
|
||||
"returned %d for dev=%s ino=%ld\n",
|
||||
__func__, context, -rc,
|
||||
inode->i_sb->s_id, inode->i_ino);
|
||||
char *dev = inode->i_sb->s_id;
|
||||
unsigned long ino = inode->i_ino;
|
||||
|
||||
if (rc == -EINVAL) {
|
||||
if (printk_ratelimit())
|
||||
printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
|
||||
"context=%s. This indicates you may need to relabel the inode or the "
|
||||
"filesystem in question.\n", ino, dev, context);
|
||||
} else {
|
||||
printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
|
||||
"returned %d for dev=%s ino=%ld\n",
|
||||
__func__, context, -rc, dev, ino);
|
||||
}
|
||||
kfree(context);
|
||||
/* Leave with the unlabeled SID */
|
||||
rc = 0;
|
||||
|
|
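Review bot: The new KERN_NOTICE message prints `context` with a plain `%s`, and per the commit description that string is the on-disk label of media the user may not control, so control characters or embedded newlines in a label would reach the kernel log verbatim and could garble or forge log lines. I would escape non-printable bytes before logging it, or report the label through the audit subsystem's untrusted-string logging (`audit_log_untrustedstring()`), rather than handing it straight to printk. Separately, the else branch still formats the now `unsigned long ino` with `%ld`; `"returned %d for dev=%s ino=%lu\n"` matches the type and the new message. Only the -EINVAL path is rate limited, so other error codes from the same media can still flood the log, and `printk_ratelimit()` draws on one global budget shared with unrelated callers. The body of inode_doinit_with_dentry starts and ends outside the hunk.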