[apparmor] [PATCH 02/16] AppArmor: Fix dropping of allowed operations that are force audited
Kees Cook
kees at ubuntu.com
Wed Feb 22 20:25:38 UTC 2012
On Wed, Feb 22, 2012 at 09:10:27AM -0800, John Johansen wrote:
> The audit permission flag, that specifies an audit message should be
> provided when an operation is allowed, was being ignored in some cases.
>
> This is because the auto audit mode (which determines the audit mode from
> system flags) was incorrectly assigned the same value as audit mode. The
> shared value would result in messages that should be audited going through
> a second evaluation as to whether they should be audited based on the
> auto audit, resulting in some messages being dropped.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Signed-off-by: Kees Cook <kees at ubuntu.com>
--
Kees Cook
More information about the AppArmor
mailing list