[apparmor] [PATCH 32/32] apparmor: Fix quieting of audit messages for network mediation

John Johansen john.johansen at canonical.com
Fri Feb 1 01:50:41 UTC 2013


On 01/31/2013 05:44 PM, Seth Arnold wrote:
> On Wed, Jan 16, 2013 at 01:29:01PM -0800, John Johansen wrote:
>> From: John Johansen <john.johansen at canonical.com>
>>
>> If a profile specified a quieting of network denials for a given rule by
>> either the quiet or deny rule qualifiers, the resultant quiet mask for
>> denied requests was applied incorrectly, resulting in two potential bugs.
>> 1. The misapplied quiet mask would prevent denials from being correctly
>>    tested against the kill mask/mode. Thus network access requests that
>>    should have resulted in the application being killed did not.
>>
>> 2. The actual quieting of the denied network request was not being applied.
>>    This would result in network rejections always being logged even when
>>    they had been specifically marked as quieted.
>>
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
> 
> This is a one-line fix to the previous patch -- you might as well
> collapse them into one patch. :)
> 
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
> 
Actual reason its not collapsed is because the networking patch is being
replaced. These two are just temporary place holders





More information about the AppArmor mailing list