apparmor: fix quiet_denied for file rules
author John Johansen <john.johansen@canonical.com>
Thu, 29 Apr 2021 08:48:28 +0000 (01:48 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Aug 2022 09:18:20 +0000 (11:18 +0200)
commit 98b6afd2f48fb2575f5532e61690ddce57466fcf upstream.

Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the code is checking if quieting of all
audit events is set instead of just denied events.

Fixes: fd6ebb93872e ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/apparmor/audit.c

index 5977325038157dc5a12a2d4ed663d7e09f8dbace..68e06d87908ecd31d8812eed11e3bcfac5d333c3 100644 (file)
@@ -139,7 +139,7 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
        }
        if (AUDIT_MODE(profile) == AUDIT_QUIET ||
            (type == AUDIT_APPARMOR_DENIED &&
-            AUDIT_MODE(profile) == AUDIT_QUIET))
+            AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
                return aad(sa)->error;
 
        if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
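
Review bot: the early return at `return aad(sa)->error;` now fires for every AUDIT_APPARMOR_DENIED event when the mode is AUDIT_QUIET_DENIED, and it sits above the `if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)` check, so a denied event in a kill-mode profile leaves aa_audit() before that branch once quiet_denied is set. Before this change the second clause repeated the AUDIT_QUIET test and never matched on its own, so this path is new. Please confirm that skipping the KILL_MODE handling for quieted denials is intended and say so in the commit message or in a comment above the condition; if it is not, move the quiet test below the KILL_MODE check or exclude kill mode from it.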