[apparmor] [patch 10/11] mod_apparmor: eliminate unnecessary back out aa_change_hat() calls

[John Johansen]

On 01/23/2014 02:45 AM, Steve Beattie wrote:
> This patch removes unnecessary back out aa_change_hat() calls that occur
> if the prior call to aa_change_hat() call failed. It used to be case
> that an aa_change_hat() call that failed would result in the task being
> placed in a profile with no permissions except the ability to
> aa_change_hat() back out, but this behavior has been removed from
> apparmor for many, many years now.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  changehat/mod_apparmor/mod_apparmor.c |    2 --
>  1 file changed, 2 deletions(-)
> 
> Index: b/changehat/mod_apparmor/mod_apparmor.c
> ===================================================================
> --- a/changehat/mod_apparmor/mod_apparmor.c
> +++ b/changehat/mod_apparmor/mod_apparmor.c
> @@ -97,7 +97,6 @@ immunix_child_init (apr_pool_t *p, serve
>  		    "init: calling change_hat with '%s'", DEFAULT_HAT);
>      ret = aa_change_hat(DEFAULT_HAT, magic_token);
>      if (ret < 0) {
> -    	aa_change_hat(NULL, magic_token);
>          ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "Failed to change_hat to '%s'",
>  			DEFAULT_HAT);
>      } else {
> @@ -239,7 +238,6 @@ immunix_exit_hat (request_rec *r)
>  
>      sd_ret = aa_change_hat(DEFAULT_HAT, magic_token);
>      if (sd_ret < 0) {
> -    	aa_change_hat(NULL, magic_token);
>          ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Failed to change_hat to '%s'",
>  			DEFAULT_HAT);
>      } else {
> 
> 
> -- AppArmor mailing list AppArmor at lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>