[PATCH 09/11] UBUNTU: SAUCE: apparmor: null profiles should inherit parent control flags

John Johansen john.johansen at canonical.com
Fri Mar 31 12:57:42 UTC 2017

null profiles that don't have the same control flags as the parent
behave in unexpected ways and can cause failures.

BugLink: http://bugs.launchpad.net/bugs/1656121
Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
Acked-by: Brad Figg <brad.figg at canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
 security/apparmor/policy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index f2ffcf1..f5f286a 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -350,6 +350,7 @@ name:
 	profile->label.flags |= FLAG_NULL;
 	if (hat)
 		profile->label.flags |= FLAG_HAT;
+	profile->path_flags = parent->path_flags;
 	/* released on free_profile */
 	rcu_assign_pointer(profile->parent, aa_get_profile(parent));

More information about the kernel-team mailing list