mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00

fix: auditing of capabilities

BugLink: http://bugs.launchpad.net/bugs/1378091

The audit flags are not being set correctly by the parser so that

  audit capability XXX,

will not result in an audit message being logged when the capability
is used.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
John Johansen 2014-10-07 12:50:23 -07:00
parent 52cd4835e2
commit 44d2e9dacf


@ -793,13 +793,17 @@ rules: rules opt_prefix capability
if ($2.owner)
yyerror(_("owner prefix not allowed on capability rules"));
if ($2.deny)
if ($2.deny && $2.audit) {
$1->caps.deny |= $3;
} else if ($2.deny) {
$1->caps.deny |= $3;
else
$1->caps.allow |= $3;
if (!$2.audit)
$1->caps.quiet |= $3;
} else {
$1->caps.allow |= $3;
if ($2.audit)
$1->caps.audit |= $3;
}
$$ = $1;
};
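
Review bot: the `if ($2.deny && $2.audit)` and `else if ($2.deny)` branches both run `$1->caps.deny |= $3;` and differ only in whether `caps.quiet` is set, so the deny handling is duplicated. Folding them into a single `if ($2.deny)` block with a nested `if (!$2.audit) $1->caps.quiet |= $3;` would leave one assignment to `caps.deny` and mirror the shape of the allow branch. The hunk also encodes an asymmetry that is easy to misread later: an allowed capability is added to `caps.audit` only when `$2.audit` is set, while a denied capability is never added to `caps.audit` and is instead added to `caps.quiet` when `$2.audit` is absent. A short comment above the block stating that rule would help. The visible change carries no parser test for `audit capability XXX,` or for the `audit deny` case, so a regression case covering both would be worth adding alongside it.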