[RFC PATCH v1 3/7] selinux: Fix inode numbers in error messages
Mickaël Salaün
mic at digikod.net
Thu Oct 10 15:26:43 UTC 2024
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Paul Moore <paul at paul-moore.com>
Cc: Stephen Smalley <stephen.smalley.work at gmail.com>
Cc: Ondrej Mosnacek <omosnace at redhat.com>
Signed-off-by: Mickaël Salaün <mic at digikod.net>
---
security/selinux/hooks.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index fc926d3cac6e..60b31b35f475 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1384,8 +1384,8 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
if (rc < 0) {
kfree(context);
if (rc != -ENODATA) {
- pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n",
- __func__, -rc, inode->i_sb->s_id, inode->i_ino);
+ pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%llu\n",
+ __func__, -rc, inode->i_sb->s_id, inode_get_ino(inode));
return rc;
}
*sid = def_sid;
@@ -1396,13 +1396,13 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
def_sid, GFP_NOFS);
if (rc) {
char *dev = inode->i_sb->s_id;
- unsigned long ino = inode->i_ino;
+ u64 ino = inode_get_ino(inode);
if (rc == -EINVAL) {
- pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
+ pr_notice_ratelimited("SELinux: inode=%llu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
ino, dev, context);
} else {
- pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
+ pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%llu\n",
__func__, context, -rc, dev, ino);
}
}
@@ -3324,8 +3324,8 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
&newsid);
if (rc) {
pr_err("SELinux: unable to map context to SID"
- "for (%s, %lu), rc=%d\n",
- inode->i_sb->s_id, inode->i_ino, -rc);
+ "for (%s, %llu), rc=%d\n",
+ inode->i_sb->s_id, inode_get_ino(inode), -rc);
return;
}
--
2.46.1
More information about the Linux-security-module-archive
mailing list