From: Paul Moore <paul@paul-moore.com>
To: Stephen Smalley <sds@tycho.nsa.gov>, Richard Guy Briggs <rgb@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>,
Vinson Lee <vlee@twopensource.com>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
trinity@vger.kernel.org
Subject: Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
Date: Wed, 05 Nov 2014 16:57:29 -0500
Message-ID: <18386541.xBZWpSPpcC@sifl>
In-Reply-To: <545A8DE8.1010106@tycho.nsa.gov>

On Wednesday, November 05, 2014 03:51:52 PM Stephen Smalley wrote:
> On 11/05/2014 03:48 PM, Paul Moore wrote:
> > On Tuesday, November 04, 2014 12:12:56 PM Vinson Lee wrote:
> >> Hi.
> >>
> >> trinity triggered this kernel warning in selinux_netlink_send on Linux
> >> 3.18-rc3.
> >
> > It looks like trinity sent a bogus netlink message to the kernel and
> > SELinux responded as I would expect it to, with a WARN_ONCE() message.
> > Thank you for your help in testing, but I don't see a problem here that
> > needs to be resolved.
>
> I guess the only thing new here is that this message used to be directed
> to the audit system via audit_log() and was changed to use WARN_ONCE().
> Why was that change made (the change description gives no rationale)?

My understanding was that the audit record didn't fit the
hoped-for-but-not-really-a-standard name value pair format that the audit
folks like. Richard wanted to either normalize the audit record or replace it
with something else.

> Is this an appropriate use of WARN_ONCE()?

In retrospect, we could probably do better. I don't think it should be an
audit record, but I can see the point that a backtrace and scary WARNING!
display are probably a bit too much.

Richard, how about converting this WARN_ONCE() to a printk_once(), or similar?

--
paul moore
www.paul-moore.com