const char *info = NULL, *name = NULL, *target = NULL;
unsigned int state = profile->file.start;
struct aa_perms perms = {};
- bool nonewprivs = false;
int error = 0;
AA_BUG(!profile);
!aa_label_is_subset(new, &profile->label)) {
error = -EPERM;
info = "no new privs";
- nonewprivs = true;
+ aa_put_label(new);
+ new = NULL;
goto audit;
}
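Review bot: Releasing `new` and setting it to NULL before `goto audit` means the `aa_audit_file()` call at the `audit:` label receives a NULL label on the "no new privs" denial, so the audit record presumably no longer names the transition target that was refused. The removed code kept `new` alive through the audit call and dropped the reference only afterwards. Since the error path added after `audit:` already calls `aa_put_label(new)` whenever `error` is set, the two added lines look unnecessary. Leaving the branch as `error = -EPERM; info = "no new privs"; goto audit;` would keep the denied label in the audit record with the same reference handling. The enclosing `if` condition starts outside this hunk.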
audit:
aa_audit_file(profile, &perms, OP_EXEC, MAY_EXEC, name, target, new,
cond->uid, info, error);
- if (!new || nonewprivs) {
- aa_put_label(new);
+ if (error) {
+ if (new)
+ aa_put_label(new);
return ERR_PTR(error);
}
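Review bot: The new test `if (error)` is not equivalent to the removed `if (!new || nonewprivs)`: a path that reaches `audit:` with `error` set and a non-NULL `new` used to fall through past this block, and now has its label released and `ERR_PTR(error)` returned. Most of the paths that set `error` are outside this hunk, so it is worth confirming that none of them (for example a complain/learning-mode path, if this function has one) relies on returning `new` with `error` set; conversely, `new == NULL` with `error == 0` now skips this return. A comment such as `/* any error reaching audit fails the exec; drop the candidate label */` would record the intended contract. The `if (new)` guard also appears redundant, since the removed line called `aa_put_label(new)` on the `!new` path. The function continues outside the hunk.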