apparmor: properly handle cx/px lookup failure for complain - linux - Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/

diff options

author	Ryan Lee <ryan.lee@canonical.com>	2024-08-23 10:14:02 -0700
committer	John Johansen <john.johansen@canonical.com>	2024-11-26 19:21:05 -0800
commit	db93ca15e5aefe868ef095ee830a205f70f38b6e (patch)
tree	8d5f43d7d52a2e809f56302b909d7fb77462f466 /security/apparmor/path.c
parent	apparmor: allocate xmatch for nullpdb inside aa_alloc_null (diff)
download	linux-db93ca15e5aefe868ef095ee830a205f70f38b6e.tar.gz linux-db93ca15e5aefe868ef095ee830a205f70f38b6e.zip

apparmor: properly handle cx/px lookup failure for complain

mode profiles When a cx/px lookup fails, apparmor would deny execution of the binary even in complain mode (where it would audit as allowing execution while actually denying it). Instead, in complain mode, create a new learning profile, just as would have been done if the cx/px line wasn't there. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>

Diffstat (limited to 'security/apparmor/path.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: