SELinux: Only return netlink error when we know the return is fatal
Some of the SELinux netlink code returns a fatal error when the error might actually be transient. This patch just silently drops packets on potentially transient errors but continues to return a permanant error indicator when the denial was because of policy. Based-on-comments-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NEric Paris <eparis@redhat.com> Reviewed-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Showing
想要评论请 注册 或 登录