On Thu, 28 May 2026 16:04:12 -0300, Georgia Garcia wrote:
> In 4a134723f9f1 there was a change to not audit files pointing to
> aa_null.dentry because they provide no value, but setting the error
> variable instead of returning -EACCES was still causing them to be
> audited.
It might be worth mentioning that some callers don't explicitly
initialize @name, which may be dereferenced in the subsequent
aa_audit_file() path.
> Fixes: 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases")
> Signed-off-by: Georgia Garcia <[email protected]>
Acked-by: David Disseldorp <[email protected]>
> ---
> security/apparmor/file.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/apparmor/file.c b/security/apparmor/file.c
> index 694e157149e8..fc5abd5473c8 100644
> --- a/security/apparmor/file.c
> +++ b/security/apparmor/file.c
> @@ -157,7 +157,7 @@ static int path_name(const char *op, const struct cred
> *subj_cred,
>
> /* don't reaudit files closed during inheritance */
> if (unlikely(path->dentry == aa_null.dentry))
> - error = -EACCES;
> + return -EACCES;
> else
> error = aa_path_name(path, flags, buffer, name, &info,
> labels_profile(label)->disconnected);
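Review bot: with the aa_null branch now returning unconditionally, the `else` that follows it is redundant; drop it and un-indent the `aa_path_name()` call so the function reads as an early-return guard followed by the normal path, which is the usual kernel style. It would also help to spell out in the commit message that the early return intentionally skips the error-handling path that the old `error = -EACCES` assignment fell into (the audit the description says was still happening), and that `*name` is left untouched on this path, so callers must not rely on it being set after a failure.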