author: Nathan Lynch, 2022-09-08 17:02:22 -0500
committer: Paul Moore, 2022-09-14 07:37:50 -0400
commit: 1e7d8bcbe37d3c63babe628443f13f77970dd06b
tree: b8dfa6b6f58903a95d47781a42815da1930078a1 /security/lockdown
parent: abec3d015fdfb7c63105c7e1c956188bf381aa55
lockdown: ratelimit denial messages
User space can flood the log with lockdown denial messages:

[ 662.555584] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7
[ 662.563237] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7
[ 662.571134] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7
[ 662.578668] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7
[ 662.586021] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7
[ 662.593398] Lockdown: bash: debugfs access is restricted; see man kernel_lockdown.7

Ratelimiting these shouldn't meaningfully degrade the quality of the
information logged.

Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/lockdown')
-rw-r--r-- security/lockdown/lockdown.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 87cbdc64d272..a79b985e917e 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -63,7 +63,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
if (kernel_locked_down >= what) {
if (lockdown_reasons[what])
- pr_notice("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
+ pr_notice_ratelimited("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
current->comm, lockdown_reasons[what]);
return -EPERM;
}
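Review bot: pr_notice_ratelimited() on the changed line keeps a single rate-limit state for this one call site, so the budget is shared across every lockdown_reasons[what] value and every current->comm. A task that floods one kind of denial (the debugfs case in the commit message) can exhaust the burst and cause a denial for a different reason, or from a different task, to be dropped in the same interval. If that trade-off is intended, say so in the commit message; otherwise consider keeping a separate ratelimit state per reason so one noisy reason cannot suppress the others. It would also help to mention that the kernel prints a "callbacks suppressed" count once the interval expires, since anyone reading these messages for auditing needs to know that a gap means dropped denials rather than none.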