path: root/security/lockdown/lockdown.c
diff options
authorMatthew Garrett <>2019-08-19 17:18:05 -0700
committerJames Morris <>2019-08-19 21:54:17 -0700
commitb602614a81078bf29c82b2671bb96a63488f68d6 (patch)
treeeb83d8f6461eeff1bd51eda39267ab0f523bd5f8 /security/lockdown/lockdown.c
parent1957a85b0032a81e6482ca4aab883643b8dae06e (diff)
lockdown: Print current->comm in restriction messages
Print the content of current->comm in messages generated by lockdown to indicate a restriction that was hit. This makes it a bit easier to find out what caused the message. The message now patterned something like: Lockdown: <comm>: <what> is restricted; see man kernel_lockdown.7 Signed-off-by: David Howells <> Signed-off-by: Matthew Garrett <> Reviewed-by: Kees Cook <> Signed-off-by: James Morris <>
Diffstat (limited to 'security/lockdown/lockdown.c')
1 files changed, 6 insertions, 2 deletions
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 84df03b1f5a7..0068cec77c05 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -81,10 +81,14 @@ early_param("lockdown", lockdown_param);
static int lockdown_is_locked_down(enum lockdown_reason what)
+ "Invalid lockdown reason"))
+ return -EPERM;
if (kernel_locked_down >= what) {
if (lockdown_reasons[what])
- pr_notice("Lockdown: %s is restricted; see man kernel_lockdown.7\n",
- lockdown_reasons[what]);
+ pr_notice("Lockdown: %s: %s is restricted; see man kernel_lockdown.7\n",
+ current->comm, lockdown_reasons[what]);
return -EPERM;