SELinux: Use unknown perm handling to handle unknown netlink msg types Currently when SELinux has not been updated to handle a netlink message type the operation is denied with EINVAL. This patch will leave the audit/warning message so things get fixed but if policy chose to allow unknowns this will allow the netlink operation. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 39c9aede2b4a252bd296c0a86be832c3d3d0a273 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Wed Nov 05 09:34:42 2008 -0500
committer: James Morris <jmorris@namei.org> Sun Nov 09 07:33:18 2008 +0800
tree: 2c802930511c40a6d150166a892e68f83fee9851
parent: 1f29fae29709b4668979e244c09b2fa78ff1ad59 [diff]
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f71de5a..7fd4de4 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -4395,7 +4395,7 @@
 				  "SELinux:  unrecognized netlink message"
 				  " type=%hu for sclass=%hu\n",
 				  nlh->nlmsg_type, isec->sclass);
-			if (!selinux_enforcing)
+			if (!selinux_enforcing || security_get_allow_unknown())
 				err = 0;
 		}
commit	39c9aede2b4a252bd296c0a86be832c3d3d0a273	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Wed Nov 05 09:34:42 2008 -0500
committer	James Morris <jmorris@namei.org>	Sun Nov 09 07:33:18 2008 +0800
tree	2c802930511c40a6d150166a892e68f83fee9851
parent	1f29fae29709b4668979e244c09b2fa78ff1ad59 [diff]