[apparmor] [PATCH] apparmor: properly handle cx/px lookup failure for complain mode profiles

[Ryan Lee]

When a cx/px lookup fails, apparmor would deny execution of the binary
even in complain mode (where it would audit as allowing execution while
actually denying it). Instead, in complain mode, create a new learning
profile, just as would have been done if the cx/px line wasn't there.

Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-apparmor-properly-handle-cx-px-lookup-failure-for-co.patch
Type: text/x-patch
Size: 1552 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20240823/2144a587/attachment.bin>