Commit ee5de60a authored by Ondrej Mosnacek's avatar Ondrej Mosnacek Committed by Paul Moore

selinuxfs: unify policy load error reporting

Let's drop the pr_err()s from sel_make_policy_nodes() and just add one
pr_warn_ratelimited() call to the sel_make_policy_nodes() error path in
sel_write_load().

Changing from error to warning makes sense, since after 02a52c5c
("selinux: move policy commit after updating selinuxfs"), this error
path no longer leads to a broken selinuxfs tree (it's just kept in the
original state and policy load is aborted).

I also added _ratelimited to be consistent with the other prtin in the
same function (it's probably not necessary, but can't really hurt...
there are likely more important error messages to be printed when
filesystem entry creation starts erroring out).
Suggested-by: default avatarPaul Moore <paul@paul-moore.com>
Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 6406887a
...@@ -563,17 +563,13 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi, ...@@ -563,17 +563,13 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num, ret = sel_make_bools(newpolicy, tmp_bool_dir, &tmp_bool_num,
&tmp_bool_names, &tmp_bool_values); &tmp_bool_names, &tmp_bool_values);
if (ret) { if (ret)
pr_err("SELinux: failed to load policy booleans\n");
goto out; goto out;
}
ret = sel_make_classes(newpolicy, tmp_class_dir, ret = sel_make_classes(newpolicy, tmp_class_dir,
&fsi->last_class_ino); &fsi->last_class_ino);
if (ret) { if (ret)
pr_err("SELinux: failed to load policy classes\n");
goto out; goto out;
}
/* booleans */ /* booleans */
old_dentry = fsi->bool_dir; old_dentry = fsi->bool_dir;
...@@ -650,6 +646,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, ...@@ -650,6 +646,7 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
length = sel_make_policy_nodes(fsi, load_state.policy); length = sel_make_policy_nodes(fsi, load_state.policy);
if (length) { if (length) {
pr_warn_ratelimited("SELinux: failed to initialize selinuxfs\n");
selinux_policy_cancel(fsi->state, &load_state); selinux_policy_cancel(fsi->state, &load_state);
goto out; goto out;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment