git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
apparmor: fix quiet_denied for file rules
author John Johansen <john.johansen@canonical.com>
Thu, 29 Apr 2021 08:48:28 +0000 (01:48 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Aug 2022 09:15:35 +0000 (11:15 +0200)
commit 68ff8540cc9e4ab557065b3f635c1ff4c96e1f1c upstream.

Global quieting of denied AppArmor generated file events is not
handled correctly. Unfortunately the code is checking if quieting of all
audit events is set instead of just denied events.

Fixes: 67012e8209df ("AppArmor: basic auditing infrastructure.")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
security/apparmor/audit.c

index 70b9730c0be6a58c8e528eab983cc33bad544c74..86ce3ec18a8aad523134bd4b37731ffea953defb 100644 (file)
@@ -143,7 +143,7 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
        }
        if (AUDIT_MODE(profile) == AUDIT_QUIET ||
            (type == AUDIT_APPARMOR_DENIED &&
-            AUDIT_MODE(profile) == AUDIT_QUIET))
+            AUDIT_MODE(profile) == AUDIT_QUIET_DENIED))
                return aad(sa)->error;
 
        if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
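Review bot: With the second clause now testing AUDIT_QUIET_DENIED, a denied event under that mode returns aad(sa)->error before the KILL_MODE(profile) check on the following line is reached, which was not the case while the clause duplicated the AUDIT_QUIET test and was effectively dead. If suppressing only the audit record is the intent, it is worth confirming that kill-mode profiles should also skip that branch for quieted denials, and either stating so in a comment above the condition or moving the quiet test after the KILL_MODE handling. The subject line says "file rules" while the change sits in the generic aa_audit() path and compares the per-profile AUDIT_MODE(profile), so a sentence in the commit message on how this relates to the "global" quieting it describes would help anyone backporting it.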