projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ba77f39)
apparmor: fix quiet_denied for file rules
authorJohn Johansen <john.johansen@canonical.com>
Thu, 29 Apr 2021 08:48:28 +0000 (01:48 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Sat, 9 Jul 2022 22:13:59 +0000 (15:13 -0700)
Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the is checking if quieting of all
audit events is set instead of just denied events.

Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/audit.c patch | blob | history

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index f7e97c7e80f3d400e55436d2f800ac2fd37fa374..704b0c895605a77c487b3c48682dcdbdec04a367 100644 (file)
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -137,7 +137,7 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
        }
        if (AUDIT_MODE(profile) == AUDIT_QUIET ||
            (type == AUDIT_APPARMOR_DENIED &&
-            AUDIT_MODE(profile) == AUDIT_QUIET))
+            AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
                return aad(sa)->error;
 
        if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
ep93xx device tree rework repo: git://git.maquefel.me/linux.git