[PATCH RFC] netlabel: remove unused param from audit_log_format()

Alex Dewar alex.dewar90 at gmail.com
Thu Aug 27 17:06:34 UTC 2020


On Thu, Aug 27, 2020 at 01:00:58PM -0400, Paul Moore wrote:
> On Thu, Aug 27, 2020 at 12:39 PM Alex Dewar <alex.dewar90 at gmail.com> wrote:
> >
> > Commit d3b990b7f327 ("netlabel: fix problems with mapping removal")
> > added a check to return an error if ret_val != 0, before ret_val is
> > later used in a log message. Now it will unconditionally print "...
> > res=0". So don't print res anymore.
> >
> > Addresses-Coverity: ("Dead code")
> > Fixes: d3b990b7f327 ("netlabel: fix problems with mapping removal")
> > Signed-off-by: Alex Dewar <alex.dewar90 at gmail.com>
> > ---
> >
> > I wasn't sure whether it was intended that something other than ret_val
> > be printed in the log, so that's why I'm sending this as an RFC.
> 
> It's intentional for a couple of reasons:
> 
> * The people who care about audit logs like to see success/fail (e.g.
> "res=X") for audit events/records, so printing this out gives them the
> warm fuzzies.
> 
> * For a lot of awful reasons that I won't bore you with, we really
> don't want to add/remove fields in the middle of an audit record so we
> pretty much need to keep the "res=0" there even if it seems a bit
> redundant.
> 
> So NACK from me, but thanks for paying attention just the same :)

Would you rather just have an explicit "res=0" in there, without looking
at ret_val? The thing is that ret_val will *always* be zero at this point in
the code, because, if not, the function will already have returned.
That's why Coverity flagged it up as a redundant check.

> 
> >  net/netlabel/netlabel_domainhash.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
> > index f73a8382c275..526762b2f3a9 100644
> > --- a/net/netlabel/netlabel_domainhash.c
> > +++ b/net/netlabel/netlabel_domainhash.c
> > @@ -612,9 +612,8 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
> >         audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
> >         if (audit_buf != NULL) {
> >                 audit_log_format(audit_buf,
> > -                                " nlbl_domain=%s res=%u",
> > -                                entry->domain ? entry->domain : "(default)",
> > -                                ret_val == 0 ? 1 : 0);
> > +                                " nlbl_domain=%s",
> > +                                entry->domain ? entry->domain : "(default)");
> >                 audit_log_end(audit_buf);
> >         }
> >
> 
> -- 
> paul moore
> www.paul-moore.com



More information about the Linux-security-module-archive mailing list