Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: remove redundant perms.allow MAY_EXEC bitflag set
This section of profile_transition that occurs after x_to_label only
happens if perms.allow already has the MAY_EXEC bit set, so we don't need
to set it again.
Fixes: 16916b17b4f8 ("apparmor: force auditing of conflicting attachment execs from confined")
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
authored by
Ryan Lee
and committed by
John Johansen
4ce7d3cf
da0edaba
+1
-3
+1
-3
security/apparmor/domain.c
+1
-3
security/apparmor/domain.c
···
734
734
* we don't need to care about clobbering it
735
735
*/
736
736
if (info == CONFLICTING_ATTACH_STR_IX
737
-
|| info == CONFLICTING_ATTACH_STR_UX) {
737
+
|| info == CONFLICTING_ATTACH_STR_UX)
738
738
perms.audit |= MAY_EXEC;
739
-
perms.allow |= MAY_EXEC;
740
-
}
741
739
/* hack ix fallback - improve how this is detected */
742
740
goto audit;
743
741
} else if (!new) {