]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
projects / mirror_ubuntu-artful-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 53edfe8) | patch
UBUNTU: SAUCE: fix regression with domain change in complain mode
authorJohn Johansen <john.johansen@canonical.com>
Fri, 31 Mar 2017 13:25:35 +0000 (06:25 -0700)
committerThadeu Lima de Souza Cascardo <cascardo@canonical.com>
Thu, 6 Apr 2017 08:26:24 +0000 (09:26 +0100)
commitfd0cbfdbfad7c8d186b52d01a2bfb231432b6e86
treedb6f80198a1433a2d2dc0a4ea9ecdf073f27f860tree
parent53edfe8052aec412b09efa29342ef7362870686acommit | diff
UBUNTU: SAUCE: fix regression with domain change in complain mode

The patch
Fix no_new_privs blocking change_onexec when using stacked namespaces

changed when the no_new_privs checks is processed so the test could
be correctly applied in a stacked profile situation.

However it changed the behavior of the error returned in complain mode,
which will have both @error and @new set.

Fix this by introducing a new var to indicate the no_new_privs condition
instead of relying on error. While doing this allow the new label under
no new privs to be audited, by having its reference put in the error path,
instead of in the no_new_privs condition check.

BugLink: http://bugs.launchpad.net/bugs/1661030
BugLink: http://bugs.launchpad.net/bugs/1648903
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
security/apparmor/domain.c diff | blob | blame | history
Ubuntu Artful kernel mirror