From 71f1cb05f773661b6fa98c7a635d7a395cd9c55d Mon Sep 17 00:00:00 2001
From: Paul Moore <paul.moore@hp.com>
Date: Tue, 29 Jan 2008 08:51:16 -0500
Subject: SELinux: Add warning messages on network denial due to error

Currently network traffic can be sliently dropped due to non-avc errors which
can lead to much confusion when trying to debug the problem.  This patch adds
warning messages so that when these events occur there is a user visible
notification.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/selinux/netnode.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'security/selinux/netnode.c')

diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 49c52779924..f3c526f2cac 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -264,8 +264,12 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
 
 out:
 	spin_unlock_bh(&sel_netnode_lock);
-	if (ret != 0)
+	if (unlikely(ret)) {
+		printk(KERN_WARNING
+		       "SELinux: failure in sel_netnode_sid_slow(),"
+		       " unable to determine network node label\n");
 		kfree(new);
+	}
 	return ret;
 }
 
-- 
cgit v1.2.3