mirror of
https://github.com/hardkernel/linux.git
synced 2026-03-24 19:40:21 +09:00
UBUNTU: SAUCE: (no-up) apparmor: Fix quieting of audit messages for network mediation
This fixes a bug in the apparmor networking patch that is not upstream because it is being replaced by a newer patch.

BugLink: http://bugs.launchpad.net/bugs/1163259

If a profile specified a quieting of network denials for a given rule by either the quiet or deny rule qualifiers, the resultant quiet mask for denied requests was applied incorrectly, resulting in two potential bugs.

1. The misapplied quiet mask would prevent denials from being correctly tested against the kill mask/mode. Thus network access requests that should have resulted in the application being killed did not.
2. The actual quieting of the denied network request was not being applied. This would result in network rejections always being logged even when they had been specifically marked as quieted.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Committed by: Tim Gardner
Parent: 6a09b37b5c
Commit: 623e16c8ca
@@ -88,7 +88,7 @@ static int audit_net(struct aa_profile *profile, int op, u16 family, int type,
|
||||
} else {
|
||||
u16 quiet_mask = profile->net.quiet[sa.u.net->family];
|
||||
u16 kill_mask = 0;
|
||||
u16 denied = (1 << sa.aad->net.type) & ~quiet_mask;
|
||||
u16 denied = (1 << sa.aad->net.type);
|
||||
|
||||
if (denied & kill_mask)
|
||||
audit_type = AUDIT_APPARMOR_KILL;
|
||||
|
||||
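Review bot: on the `denied` assignment, once `& ~quiet_mask` is dropped, `quiet_mask` has no remaining use in the lines shown, so the quieting described in item 2 of the commit message depends entirely on code below this hunk. Please confirm that a test of `denied` against `quiet_mask` follows the `if (denied & kill_mask)` check and runs after it; otherwise the variable is dead and quieted denials will still be logged. Separately, `kill_mask` is initialised to 0 two lines above and nothing visible here assigns it, so `denied & kill_mask` cannot be non-zero on this path as shown. If the kill mask is meant to come from the profile, that assignment should be part of this fix or the message should say where it happens, since item 1 claims the kill test now works. A short comment above the two tests stating the intended order (kill check on the unmasked bit, then quiet check) would keep the next edit from folding the mask back into `denied`.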