[apparmor] [patch][parser] fix: auditing of capabilities
John Johansen
john.johansen at canonical.com
Tue Oct 7 11:22:19 UTC 2014
The audit flags are not being set correctly by the parser so that
audit capability XXX,
will not result in an audit message being logged when the capability
is used.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
=== modified file 'parser/parser_yacc.y'
--- parser/parser_yacc.y 2014-09-03 20:22:26 +0000
+++ parser/parser_yacc.y 2014-10-07 11:17:18 +0000
@@ -793,13 +793,17 @@
if ($2.owner)
yyerror(_("owner prefix not allowed on capability rules"));
- if ($2.deny)
- $1->caps.deny |= $3;
- else
+ if ($2.deny && $2.audit) {
+ $1->caps.deny |= $3;
+ } else if ($2.deny) {
+ $1->caps.deny |= $3;
+ $1->caps.quiet |= $3;
+ } else {
$1->caps.allow |= $3;
+ if ($2.audit)
+ $1->caps.audit |= $3;
+ }
- if (!$2.audit)
- $1->caps.quiet |= $3;
$$ = $1;
};
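Review bot: The first two branches of the new if/else chain both execute `$1->caps.deny |= $3;`, so the deny case can be a single `if ($2.deny)` block with `if (!$2.audit) $1->caps.quiet |= $3;` nested inside, which mirrors the shape of the allow branch and drops the duplicated line. A short comment in the deny branch would also help: `audit deny` is expressed here by leaving the quiet bit clear rather than by setting `caps.audit`, and that asymmetry with the allow branch is not obvious from the code alone. Since every field is accumulated with `|=`, a profile that contains both `audit deny capability X,` and a plain `deny capability X,` ends with the quiet bit set for X; please confirm that is the intended outcome or note it in the commit message.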