]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
apparmor: don't audit files pointing to aa_null.dentry
authorGeorgia Garcia <georgia.garcia@canonical.com>
Thu, 28 May 2026 19:04:12 +0000 (16:04 -0300)
committerJohn Johansen <john.johansen@canonical.com>
Sun, 14 Jun 2026 03:20:05 +0000 (20:20 -0700)
In
  commit 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases")
there was a change to not audit files pointing to
aa_null.dentry because they provide no value, but setting the error
variable instead of returning -EACCES was still causing them to be
audited.

Fixes: 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases")
Acked-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/file.c

index 694e157149e85e47961f8217f8dc8afc80db16e3..fc5abd5473c850d525f654555275c6b463b77035 100644 (file)
@@ -157,7 +157,7 @@ static int path_name(const char *op, const struct cred *subj_cred,
 
        /* don't reaudit files closed during inheritance */
        if (unlikely(path->dentry == aa_null.dentry))
-               error = -EACCES;
+               return -EACCES;
        else
                error = aa_path_name(path, flags, buffer, name, &info,
                                     labels_profile(label)->disconnected);