From: Paul Moore <paul@paul-moore.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>,
Vinson Lee <vlee@twopensource.com>,
linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
trinity@vger.kernel.org, Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
Date: Mon, 10 Nov 2014 15:41:57 -0500 [thread overview]
Message-ID: <2373486.3IgvVOFVQB@sifl> (raw)
In-Reply-To: <20141105222537.GG5902@madcap2.tricolour.ca>
On Wednesday, November 05, 2014 05:25:37 PM Richard Guy Briggs wrote:
> On 14/11/05, Paul Moore wrote:
> > In retrospect, we could probably do better. I don't think it should be an
> > audit record, but I can see the point that a backtrace and scary WARNING!
> > display are probably a bit too much.
> >
> > Richard, how about converting this WARN_ONCE() to a printk_once(), or
> > similar?
>
> I'd be agreeable to that. While I was a bit concerned that a
> WARN_ONCE() could be lost in the noise (evidently that's not the case!)
> a printk_once() would more likely get lost in the noise. Would it make
> sense to make it a bit less infrequent than printk_once() and rate-limit
> it at say, one per 5 seconds or more?
Let's just go with printk_once() for right now. We probably need to have a
better, more consistent approach to error messages not related to the normal
access control stuff, however, I'd like to fix this for the v3.18-rcX releases
and that is a bit out of scope for right now.
Ideally I'd like to fix it this week. Richard, any chance you can submit a
patch by the end of the day on Tuesday? It really should be trivial; if you
can't let me know and I'll take care of it.
--
paul moore
www.paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul@paul-moore.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
Vinson Lee <vlee@twopensource.com>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org,
trinity@vger.kernel.org
Subject: Re: "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3
Date: Mon, 10 Nov 2014 15:41:57 -0500 [thread overview]
Message-ID: <2373486.3IgvVOFVQB@sifl> (raw)
In-Reply-To: <20141105222537.GG5902@madcap2.tricolour.ca>
On Wednesday, November 05, 2014 05:25:37 PM Richard Guy Briggs wrote:
> On 14/11/05, Paul Moore wrote:
> > In retrospect, we could probably do better. I don't think it should be an
> > audit record, but I can see the point that a backtrace and scary WARNING!
> > display are probably a bit too much.
> >
> > Richard, how about converting this WARN_ONCE() to a printk_once(), or
> > similar?
>
> I'd be agreeable to that. While I was a bit concerned that a
> WARN_ONCE() could be lost in the noise (evidently that's not the case!)
> a printk_once() would more likely get lost in the noise. Would it make
> sense to make it a bit less infrequent than printk_once() and rate-limit
> it at say, one per 5 seconds or more?
Let's just go with printk_once() for right now. We probably need to have a
better, more consistent approach to error messages not related to the normal
access control stuff, however, I'd like to fix this for the v3.18-rcX releases
and that is a bit out of scope for right now.
Ideally I'd like to fix it this week. Richard, any chance you can submit a
patch by the end of the day on Tuesday? It really should be trivial; if you
can't let me know and I'll take care of it.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2014-11-10 20:42 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-04 20:12 "selinux_nlmsg_perm: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=30" warning on Linux 3.18-rc3 Vinson Lee
2014-11-05 20:48 ` Paul Moore
2014-11-05 20:48 ` Paul Moore
2014-11-05 20:51 ` Stephen Smalley
2014-11-05 20:51 ` Stephen Smalley
2014-11-05 21:57 ` Paul Moore
2014-11-05 21:57 ` Paul Moore
2014-11-05 22:25 ` Richard Guy Briggs
2014-11-05 22:25 ` Richard Guy Briggs
2014-11-10 20:41 ` Paul Moore [this message]
2014-11-10 20:41 ` Paul Moore
2014-11-12 19:01 ` [PATCH] selinux: convert WARN_ONCE() to printk_once() in selinux_nlmsg_perm() Richard Guy Briggs
2014-11-12 19:01 ` Richard Guy Briggs
2014-11-12 21:21 ` Paul Moore
2014-11-12 21:21 ` Paul Moore
2014-11-12 21:25 ` Richard Guy Briggs
2014-11-12 21:25 ` Richard Guy Briggs
2014-11-12 21:30 ` Paul Moore
2014-11-12 21:30 ` Paul Moore
2014-11-12 21:35 ` Richard Guy Briggs
2014-11-12 21:35 ` Richard Guy Briggs
2014-11-12 21:44 ` Paul Moore
2014-11-12 21:44 ` Paul Moore
2014-11-12 21:36 ` [PATCH] selinux: convert WARN_ONCE() to printk() " Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2373486.3IgvVOFVQB@sifl \
--to=paul@paul-moore.com \
--cc=james.l.morris@oracle.com \
--cc=linux-security-module@vger.kernel.org \
--cc=rgb@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=trinity@vger.kernel.org \
--cc=vlee@twopensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.