author | Eric Paris <eparis@redhat.com> | 2008-11-05 09:34:42 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-09 07:33:18 +0800 |
commit | 39c9aede2b4a252bd296c0a86be832c3d3d0a273 (patch) | |
tree | 2c802930511c40a6d150166a892e68f83fee9851 | |
parent | 1f29fae29709b4668979e244c09b2fa78ff1ad59 (diff) | |
SELinux: Use unknown perm handling to handle unknown netlink msg types
Currently when SELinux has not been updated to handle a netlink message
type the operation is denied with EINVAL. This patch will leave the
audit/warning message so things get fixed but if policy chose to allow
unknowns this will allow the netlink operation.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f71de5a64d0c..7fd4de46b2a9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4395,7 +4395,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) "SELinux: unrecognized netlink message" " type=%hu for sclass=%hu\n", nlh->nlmsg_type, isec->sclass); - if (!selinux_enforcing) + if (!selinux_enforcing || security_get_allow_unknown()) err = 0; } |
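Review bot: In the changed condition `if (!selinux_enforcing || security_get_allow_unknown())`, an unrecognized message type is now let through in enforcing mode whenever policy allows unknowns, but the warning just above it ("SELinux: unrecognized netlink message type=%hu for sclass=%hu") reads the same whether the message was denied or permitted. Consider recording the outcome in that message (denied, permitted because permissive, or permitted because policy allows unknowns) so someone reading the log can tell which unmapped types are actually getting through on an enforcing system. A short comment at the condition would also help, stating that `err = 0` here means the operation proceeds with no permission mapped for this message type, which matches the commit message but is not obvious from the code alone.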