Ack: [PATCH Trusty SRU] UBUNTU: SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
Brad Figg
brad.figg at canonical.com
Tue Jun 17 14:37:23 UTC 2014
On 06/17/2014 07:33 AM, Tim Gardner wrote:
> From: John Johansen <john.johansen at canonical.com>
>
> This is a fix to code that is not upstream.
>
> Remove label check warning that is enforcing a condition that is not
> yet always valid in the trusty version of apparmor. The check leaked
> in from later patches in the -dev tree and does not belong in the
> trusty code base.
>
> BugLink: http://bugs.launchpad.net/bugs/1308761
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> (cherry picked from commit 6e7486e74f6501be091cf23e84aa4db19f7beedb)
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
> security/apparmor/lsm.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index ffb64b6..fe68bd3 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -835,9 +835,6 @@ static int apparmor_unix_may_send(struct socket *sock, struct socket *other)
> struct aa_label *label = __aa_get_current_label();
> int error;
>
> - /* TODO update label instead */
> - AA_BUG(!aa_label_is_subset(cxt->label, label));
> -
> error = xcheck(unix_fs_perm(OP_SENDMSG, label, other->sk, MAY_WRITE),
> unix_fs_perm(OP_SENDMSG, other_cxt->label, sock->sk,
> MAY_READ));
>
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
More information about the kernel-team
mailing list