mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

parser: fix warning for rule not enforced

Browse Source 
If af_unix rules are not supported but network rules are and
--warn=rule-downgraded is not set then the parser will incorrectly
output warning when the rule is actually being downgraded.

  Warning from profile test-profile (./prof): extended network unix socket rules not enforced

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/699
Fixes: https://gitlab.com/apparmor/apparmor/-/issues/144
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve.beattie@canonical.com>
This commit is contained in:
John Johansen
2021-01-13 11:21:23 -08:00
parent a83f5d7a85
commit d50262cf2c
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
parser/af_unix.cc
View File

@@ -322,8 +322,9 @@ int unix_rule::gen_policy_re(Profile &prof)
rule_t::warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
/* TODO: add ability to abort instead of downgrade */
return RULE_OK;
} else {
warn_once(prof.name);
}
warn_once(prof.name);
return RULE_NOT_SUPPORTED;
}