summaryrefslogtreecommitdiff
path: root/security/lockdown
diff options
context:
space:
mode:
authorNathan Lynch <nathanl@linux.ibm.com>2022-09-08 17:02:22 -0500
committerPaul Moore <paul@paul-moore.com>2022-09-14 07:37:50 -0400
commit1e7d8bcbe37d3c63babe628443f13f77970dd06b (patch)
treeb8dfa6b6f58903a95d47781a42815da1930078a1 /security/lockdown
parentabec3d015fdfb7c63105c7e1c956188bf381aa55 (diff)
lockdown: ratelimit denial messages
User space can flood the log with lockdown denial messages: [ 662.555584] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.563237] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.571134] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.578668] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.586021] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 [ 662.593398] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7 Ratelimiting these shouldn't meaningfully degrade the quality of the information logged. Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/lockdown')
-rw-r--r--security/lockdown/lockdown.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 87cbdc64d272..a79b985e917e 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -63,7 +63,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
if (kernel_locked_down >= what) {
if (lockdown_reasons[what])
- pr_notice("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
+ pr_notice_ratelimited("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
current->comm, lockdown_reasons[what]);
return -EPERM;
}