unconfined profiles where not having their profile or namespace audited. However there are only a few special cases where unconfined will result in an audit message, like during policy load.
In these cases it is useful to know which namespace is in use so log the unconfined profile and its namespace as well. Signed-off-by: John Johansen <[email protected]> --- security/apparmor/audit.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 796752f..a3d68dc 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -212,8 +212,7 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) type = AUDIT_APPARMOR_KILL; - if (!profile_unconfined(profile)) - sa->aad->label = &profile->label; + sa->aad->label = &profile->label; aa_audit_msg(type, sa, cb); -- 1.8.1.2 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
