parser: fix warning for rule not enforced

If af_unix rules are not supported but network rules are and --warn=rule-downgraded is not set then the parser will incorrectly output warning when the rule is actually being downgraded. Warning from profile test-profile (./prof): extended network unix socket rules not enforced MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/699 Fixes: https://gitlab.com/apparmor/apparmor/-/issues/144 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve.beattie@canonical.com>
2025-08-31 06:16:03 +00:00 · 2021-01-13 11:21:23 -08:00
parent a83f5d7a85
commit d50262cf2c
1 changed files with 2 additions and 1 deletions
--- a/parser/af_unix.cc
+++ b/parser/af_unix.cc
@@ -322,8 +322,9 @@ int unix_rule::gen_policy_re(Profile &prof)
 				rule_t::warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
 			/* TODO: add ability to abort instead of downgrade */
 			return RULE_OK;
+		} else {
+			warn_once(prof.name);
 		}
-		warn_once(prof.name);
 		return RULE_NOT_SUPPORTED;
 	}