[apparmor] [PATCH 42/43] apparmor: audit the profile and namespace for all messages

John Johansen john.johansen at canonical.com
Fri Feb 8 21:01:18 UTC 2013


Unconfined profiles were not having their profile or namespace audited.
However, there are only a few special cases where unconfined will result
in an audit message, like during policy load.

In these cases it is useful to know which namespace is in use so log
the unconfined profile and its namespace as well.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/audit.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 796752f..a3d68dc 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -212,8 +212,7 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
 	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
 		type = AUDIT_APPARMOR_KILL;
 
-	if (!profile_unconfined(profile))
-		sa->aad->label = &profile->label;
+	sa->aad->label = &profile->label;
 
 	aa_audit_msg(type, sa, cb);
 
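Review bot: the now-unconditional `sa->aad->label = &profile->label;` carries no comment saying that the unconfined profile is labelled on purpose, so a later cleanup could easily reintroduce the `profile_unconfined()` guard. A one-line comment above the assignment stating that the label is set for unconfined too, so that its namespace shows up in records such as policy load, would preserve the intent. It would also help if the commit message noted that audit records which previously carried no profile information will now include it, since log consumers that key on the absence of that field will see a change in output.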
-- 
1.7.10.4



