[apparmor] [PATCH 42/43] apparmor: audit the profile and namespace for all messages

John Johansen john.johansen at canonical.com
Fri Feb 8 21:01:18 UTC 2013

unconfined profiles where not having their profile or namespace audited.
However there are only a few special cases where unconfined will result
in an audit message, like during policy load.

In these cases it is useful to know which namespace is in use so log
the unconfined profile and its namespace as well.

Signed-off-by: John Johansen <john.johansen at canonical.com>
 security/apparmor/audit.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 796752f..a3d68dc 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -212,8 +212,7 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
 	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
-	if (!profile_unconfined(profile))
-		sa->aad->label = &profile->label;
+	sa->aad->label = &profile->label;
 	aa_audit_msg(type, sa, cb);

More information about the AppArmor mailing list