1 From: John Johansen <jjohansen@suse.de>
2 Subject: fix enforcement of deny rules in complain mode
6 Fix enforcement of deny rules so that they are not enforced in complain
7 mode. This is necessary so that application behavior is not changed by
8 the presence of the deny rule.
10 Signed-off-by: John Johansen <jjohansen@suse.de>
13 security/apparmor/main.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
16 --- a/security/apparmor/main.c
17 +++ b/security/apparmor/main.c
18 @@ -325,7 +325,7 @@ static int aa_audit_file(struct aa_profi
20 int mask = AUDIT_QUIET_MASK(sa->audit_mask);
22 - if (!(sa->denied_mask & ~mask))
23 + if (!(sa->denied_mask & ~mask) && !PROFILE_COMPLAIN(profile))
24 return sa->error_code;
26 /* mask off perms whose denial is being silenced */