[PATCH] apparmor: fix 'Do simple duplicate message elimination'
chao liu
liuzgyid at outlook.com
Tue Jun 27 02:03:16 UTC 2023
Multiple profiles shared 'ent->caps', so some logs missed.
Signed-off-by: chao liu <liuzgyid at outlook.com>
---
security/apparmor/capability.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index deccea865..1b13fd89d 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -94,6 +94,8 @@ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile,
return error;
} else {
aa_put_profile(ent->profile);
+ if (profile != ent->profile)
+ cap_clear(ent->caps);
ent->profile = aa_get_profile(profile);
cap_raise(ent->caps, cap);
}
--
2.34.1
More information about the Linux-security-module-archive
mailing list