UBUNTU: SAUCE: apparmor: Fix auditing behavior for change_hat probing
authorJohn Johansen <john.johansen@canonical.com>
Thu, 4 Aug 2016 11:35:21 +0000 (04:35 -0700)
committerTim Gardner <tim.gardner@canonical.com>
Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
change_hat uses probing to find and transition to the first available
hat. Hats missing as part of this probe are expected and should not
be logged except in complain mode.

BugLink: http://bugs.launchpad.net/bugs/1615893
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
security/apparmor/domain.c

index 35ed7c2d093a924a219f4fb2b826db7ce98aed71..a701534abda23208b374b38633d14fe91c27b05b 100644 (file)
@@ -931,12 +931,20 @@ static struct aa_label *change_hat(struct aa_label *label, const char *hats[],
        error = -ECHILD;
 
 fail:
-       fn_for_each_in_ns(label, profile,
-               /* no target as it has failed to be found or built */
+       label_for_each_in_ns(it, labels_ns(label), label, profile) {
+               /*
+                * no target as it has failed to be found or built
+                *
+                * change_hat uses probing and should not log failures
+                * related to missing hats
+                */
                /* TODO: get rid of GLOBAL_ROOT_UID */
-               aa_audit_file(profile, &nullperms, OP_CHANGE_HAT,
-                             AA_MAY_CHANGEHAT, name, NULL, NULL,
-                             GLOBAL_ROOT_UID, info, error));
+               if (count > 1 || COMPLAIN_MODE(profile)) {
+                       aa_audit_file(profile, &nullperms, OP_CHANGE_HAT,
+                                     AA_MAY_CHANGEHAT, name, NULL, NULL,
+                                     GLOBAL_ROOT_UID, info, error);
+               }
+       }
        return (ERR_PTR(error));
 
 build:
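Review bot: The new guard `if (count > 1 || COMPLAIN_MODE(profile))` under `fail:` decides whether to audit from the hat count and profile mode alone, never from `error` or `info`. Any failure that reaches this label with a single hat in enforce mode therefore leaves no audit record, not only a missing hat. Only the `-ECHILD` assignment is visible here and change_hat's body starts and ends outside the hunk, so if other paths can jump to `fail:` with a different error, the suppression should be keyed on the cause, for example `if (count > 1 || COMPLAIN_MODE(profile) || error != -ECHILD)`, extended with whatever other missing-hat error codes the function uses. The added comment says missing-hat failures should not be logged, yet the `count > 1` case still logs them. A line such as `/* only a single-hat request in enforce mode is treated as an expected probe miss; multi-hat requests are still audited */` would make the intended policy checkable, if that is indeed the intent.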