apparmor: force auditing of conflicting attachment execs from confined

Conflicting attachment paths are an error state that result in the
binary in question executing under an unexpected ix/ux fallback. As such,
it should be audited to record the occurrence of conflicting attachments.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index b5e1defbd4ac42679ba1a65e2b9ef872d71742dd..f9370a63a83c0a79efa510dfcc3ce9eba4c98cad 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -729,6 +729,15 @@ static struct aa_label *profile_transition(const struct cred *subj_cred,
                new = x_to_label(profile, bprm, name, perms.xindex, &target,
                                 &info);
                if (new && new->proxy == profile->label.proxy && info) {
+                       /* Force audit on conflicting attachment fallback
+                        * Because perms is never used again after this audit
+                        * we don't need to care about clobbering it
+                        */
+                       if (info == CONFLICTING_ATTACH_STR_IX
+                           || info == CONFLICTING_ATTACH_STR_UX) {
+                               perms.audit |= MAY_EXEC;
+                               perms.allow |= MAY_EXEC;
+                       }
                        /* hack ix fallback - improve how this is detected */
                        goto audit;
                } else if (!new) {