This is a sync and squash to the apparmor 3 RC 1 development snapshot.
The set of patches in this squash are available at the apparmor-3.RC1
tag in git://kernel.ubuntu.com/jj/ubuntu-utopic.git.
This cleans up several functions over the alpha6 sync, and includes
multiple bug fixes. In addition it picks up
- new network mediation
- fine grained mediation of all unix socket types
In addition to the apparmor 3 RC 1 sync this contains the backport patch
series for the 3.4 goldfish kernel
- apparmor: 3.4 backport alias file_open 83d49856
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.5 backport dentry_open params 765927b2
- apparmor: 3.6 backport provide replace_fd 8280d161
- apparmor: 3.6 backport provide iterate_fd c3c073f8
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.11 backport revert module/lsm: Have apparm 5265fc62
- apparmor: 3.12 backport mtd: Move major number f83c3838
- apparmor: 3.15 backport revert nick kvfree() from apparmor
- apparmor: backport setup base backport files
BugLink: http://bugs.launchpad.net/bugs/1362199
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
replace usage of the write_can_lock macro with our own write_is_locked
macro. AppArmor's use of write_can_lock is with AA_BUG statements
to assert the correct lock is being held.
However on non-SMP machines write_can_lock is always true causing
the AA_BUG assert to fail. Define our own macro that can have the
correct semantics for the assert on non-SMP machines.
BugLink: http://bugs.launchpad.net/bugs/1323530
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
The apparmor/dbus support needs to allocate buffers in
atomic context (i.e., holding a spinlock). Since that is
not possible, it declares a static per cpu array of
buffers and has accessor macros to get and put buffers.
Since the buffer array is a per cpu variable, it can
only be concurrently accessed by the same cpu and this
can only happen if the kernel is preempted.
So the get_buffers() macro disables preemption with
preempt_disable() so the buffer can be accessed safely.
Grabbing a spinlock also makes the kernel disable
preemption so a raw __get_buffers() function can be used
in this case that does not call preempt_disable().
The raw __get_buffers() function was called from file_path_perm()
since a spinlock was held by the calling revalidate_tty() function.
But this is not the only place where file_path_perm() is called,
it is also called by match_file() which is not in atomic context
and thus doesn't disable preemption before so the __get_buffers()
macro was complaining with a WARN_ON(preempt_count() <= 0) and
spamming the console constantly.
This patch fixes the issue by always calling {get,put}_buffers() since
preempt_{disable,enable}() functions are nestable.
BugLink: http://bugs.launchpad.net/bugs/1323526
Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a fix to code that is not upstream.
There is a race window in the apparmor_kill hook, that may result in a
profile refcount being decremented without a previous increment. This
can result in the profile being freed, while references still exist and
can lead to an oops.
The race window exists for the time after the profile has been replaced
but before the task cred has been updated to the new profile.
BugLink: http://bugs.launchpad.net/bugs/1308764
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a fix to code that is not upstream.
When the pivotroot check was refactored into the callback fn, putting
of the target fn was not pushed down because target was referenced
by audit_log in the error path. However target will never be set in
the cases when audit_log is called from the error path.
So instead of passing the target value back out of profile_pivotroot
push putting the target reference down as it is not needed in aa_pivotroot.
BugLink: http://bugs.launchpad.net/bugs/1308765
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a fix to code that is not upstream.
Remove label check warning that is enforcing a condition that is not
yet always valid in the trusty version of apparmor. The check leaked
in from later patches in the -dev tree and does not belong in the
trusty code base.
BugLink: http://bugs.launchpad.net/bugs/1308761
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a sync and squash to the apparmor 3 alpha 6 development snapshot
backported from 3.13. The set of patches in this squash are available
in the aa3.0-presquash branch of the dev tree.
Several of the patches in the squash have been submitted upstream.
Several more will be submitted soon, and other parts are still in
active review and development.
This squash will be updated to remove patches as they are pulled
into the upstream tree, and add new patches as they become available
to the stable apparmor dev branch.
In addition to the apparmor 3 sync this contains the backport patch
series for the 3.4 goldfish kernel
- apparmor: backport setup base backport files
- apparmor: 3.12 backport mtd: Move major number f83c3838
- apparmor: 3.11 backport revert module/lsm: Have apparm 5265fc62
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.6 backport provide iterate_fd c3c073f8
- apparmor: 3.6 backport provide replace_fd 8280d161
- apparmor: 3.5 backport dentry_open params 765927b2
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport alias file_open 83d49856
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1235977
The profile introspection seq file has a locking bug when policy is viewed
from a virtual root (task in a policy namespace, introspection from the
real root is not affected).
The test for root
while (parent) {
is correct for the real root, but incorrect for tasks in a policy namespace.
This allows the task to walk back up the policy tree past its virtual root
causing it to be unlocked before the virtual root should be in the p_stop
fn.
This results in the following lockdep back trace:
[ 78.479744] [ BUG: bad unlock balance detected! ]
[ 78.479792] 3.11.0-11-generic #17 Not tainted
[ 78.479838] -------------------------------------
[ 78.479885] grep/2223 is trying to release lock (&ns->lock) at:
[ 78.479952] [<ffffffff817bf3be>] mutex_unlock+0xe/0x10
[ 78.480002] but there are no more locks to release!
[ 78.480037]
[ 78.480037] other info that might help us debug this:
[ 78.480037] 1 lock held by grep/2223:
[ 78.480037] #0: (&p->lock){+.+.+.}, at: [<ffffffff812111bd>] seq_read+0x3d/0x3d0
[ 78.480037]
[ 78.480037] stack backtrace:
[ 78.480037] CPU: 0 PID: 2223 Comm: grep Not tainted 3.11.0-11-generic #17
[ 78.480037] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 78.480037] ffffffff817bf3be ffff880007763d60 ffffffff817b97ef ffff8800189d2190
[ 78.480037] ffff880007763d88 ffffffff810e1c6e ffff88001f044730 ffff8800189d2190
[ 78.480037] ffffffff817bf3be ffff880007763e00 ffffffff810e5bd6 0000000724fe56b7
[ 78.480037] Call Trace:
[ 78.480037] [<ffffffff817bf3be>] ? mutex_unlock+0xe/0x10
[ 78.480037] [<ffffffff817b97ef>] dump_stack+0x54/0x74
[ 78.480037] [<ffffffff810e1c6e>] print_unlock_imbalance_bug+0xee/0x100
[ 78.480037] [<ffffffff817bf3be>] ? mutex_unlock+0xe/0x10
[ 78.480037] [<ffffffff810e5bd6>] lock_release_non_nested+0x226/0x300
[ 78.480037] [<ffffffff817bf2fe>] ? __mutex_unlock_slowpath+0xce/0x180
[ 78.480037] [<ffffffff817bf3be>] ? mutex_unlock+0xe/0x10
[ 78.480037] [<ffffffff810e5d5c>] lock_release+0xac/0x310
[ 78.480037] [<ffffffff817bf2b3>] __mutex_unlock_slowpath+0x83/0x180
[ 78.480037] [<ffffffff817bf3be>] mutex_unlock+0xe/0x10
[ 78.480037] [<ffffffff81376c91>] p_stop+0x51/0x90
[ 78.480037] [<ffffffff81211408>] seq_read+0x288/0x3d0
[ 78.480037] [<ffffffff811e9d9e>] vfs_read+0x9e/0x170
[ 78.480037] [<ffffffff811ea8cc>] SyS_read+0x4c/0xa0
[ 78.480037] [<ffffffff817ccc9d>] system_call_fastpath+0x1a/0x1f
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
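The termination test described in the commit message above, modelled in userspace C as an added example (not code from the commit or from AppArmor). The struct, the function names and the four-namespace tree are constructed for illustration, and `held` stands in for `ns->lock`.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of a policy namespace tree (hypothetical names). */
struct ns {
    struct ns *parent, *child, *sibling;
    int held;                       /* stands in for the namespace mutex */
};

static int bad_unlocks;             /* unlocks of a lock that is not held */

static void ns_lock(struct ns *n) { n->held++; }

static void ns_unlock(struct ns *n)
{
    if (n->held == 0)
        bad_unlocks++;              /* the imbalance lockdep reports */
    else
        n->held--;
}

/* Depth-first step to the next namespace. stop_at_root selects the
 * termination test: 0 = "while (parent)", 1 = stop at the view root. */
static struct ns *next_ns(struct ns *root, struct ns *ns, int stop_at_root)
{
    if (ns->child) {
        ns_lock(ns->child);
        return ns->child;
    }
    while (stop_at_root ? ns != root : ns->parent != NULL) {
        ns_unlock(ns);              /* leaving ns, so drop its lock */
        if (ns->sibling) {
            ns_lock(ns->sibling);
            return ns->sibling;
        }
        ns = ns->parent;
    }
    return NULL;
}

/* Walk everything reachable from root the way a seq_file
 * start/next/stop cycle would; returns the namespaces visited. */
static int walk(struct ns *root, int stop_at_root)
{
    int visited = 0;
    struct ns *ns;

    bad_unlocks = 0;
    ns_lock(root);                                  /* start */
    for (ns = root; ns; ns = next_ns(root, ns, stop_at_root))
        visited++;                                  /* next  */
    ns_unlock(root);                                /* stop  */
    return visited;
}

/* Constructed tree: real root R with children A and B; A has child A1. */
static struct ns R, A = { .parent = &R }, B = { .parent = &R },
                 A1 = { .parent = &A };

static void build_tree(void)
{
    R.child = &A;
    A.sibling = &B;
    A.child = &A1;
}

int main(void)
{
    int v;

    build_tree();
    v = walk(&A, 0);
    printf("view from A, while (parent): visited=%d bad_unlocks=%d\n", v, bad_unlocks);
    v = walk(&A, 1);
    printf("view from A, stop at root:   visited=%d bad_unlocks=%d\n", v, bad_unlocks);
    return 0;
}
```

Viewed from A, the `while (parent)` test visits three namespaces, including sibling B outside the view, and ends with one unbalanced unlock of the view root. Stopping at the view root visits two and stays balanced; from the real root R both tests behave the same.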
BugLink: http://bugs.launchpad.net/bugs/1208988
dependency of: fix unix domain sockets to be mediated on connection
needed to fix sleep in atomic context
Dynamically allocating buffers to store the path lookup slows mediation
down, and may require being able to sleep or accept failure of buffer
allocation. Handling fd inheritance during committing_creds, and unix
domain sockets can't fail nor can it sleep to do an allocation, so it
requires having preallocated buffers.
So add support for preallocated buffers and convert everything that
can be to use them.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
This is a sync and squash to the apparmor 3 alpha 4 development snapshot
backported from 3.12. The set of patches in this squash are available
in the aa3.0-presquash branch of the dev tree.
Several of the patches in the squash have been submitted upstream.
Several more will be submitted soon, and other parts are still in
active review and development.
This squash will be updated to remove patches as they are pulled
into the upstream tree, and add new patches as they become available
to the stable apparmor dev branch.
In addition to the apparmor 3 sync this contains the backport patch
series for the 3.4 manta kernel
- apparmor: 3.10 backport revert no delay vfree()
- apparmor: 3.8 backport provide file_inode helper 496ad9aa
- apparmor: 3.6 backport revert uapi for capnames 43c422ed
- apparmor: 3.6 backport revert uapi for resnames 8a1ab315
- apparmor: 3.6 backport define kuid_t d2b31ca64
- apparmor: 3.6 backport kuid_t support for audit 2db81452
- apparmor: 3.6 backport remove const from sb_mount 808d4e3c
- apparmor: 3.4 backport revert file_mmap e5467859
- apparmor: 3.4 backport cap_mmap_addr d007794a
- apparmor: 3.4 backport fake no_new_privs 259e5e6c
- apparmor: 3.4 backport revert task audi_data 0972c74e
- apparmor: 3.4 backport alias file_open 83d49856
- UBUNTU: SAUCE: (no-up) apparmor: update config options
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This fixes a bug in the current apparmor3 alpha2 sync, where non-root
users cannot query whether the apparmor module is enabled. It has been
incorporated into the apparmor dev tree and will be integrated as part
of the next sync, at which point this patch will be reverted.
BugLink: http://bugs.launchpad.net/bugs/1199912
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This is a squash of the following commits from the branch
v3.4-backport-of-apparmor3
Signed-off-by: John Johansen <john.johansen@canonical.com>
----------------------------------------------------------------
sync to Linux 3.10 apparmor
UBUNTU SAUCE: apparmor: sync apparmor3 dev snapshot
----------------------------------------------------------------
John Johansen (67):
apparmor: fix auditing of domain transition failures due to incomplete policy
apparmor: Remove -W1 warnings
apparmor: refactor profile mode macros
apparmor: fix error code to failure message mapping for name lookup
apparmor: add utility function to get an arbitrary tasks profile.
apparmor: add kvzalloc to handle zeroing for kvmalloc
apparmor: use common fn to clear task_context for domain transitions
apparmor: remove "permipc" command
apparmor: relax the restrictions on setting rlimits
apparmor: misc cleanup of match
apparmor: move perm defines into policy_unpack
apparmor: remove sid from profiles
apparmor: move the free_profile fn ahead of aa_alloc_profile
apparmor: reserve and mask off the top 8 bits of the base field
apparmor: fix the audit type table
apparmor: add a features/policy dir to interface
apparmor: Fix smatch warning in aa_remove_profiles
apparmor: fix sparse warnings
apparmor: localize getting the security context to a few macros
apparmor: fix setprocattr arg processing for onexec
apparmor: fix fully qualified name parsing
apparmor: enable users to query whether apparmor is enabled
apparmor: provide base for multiple profiles to be replaced at once
apparmor: convert profile lists to RCU based locking
apparmor: change how profile replacement update is done
apparmor: update how unconfined is handled
apparmor: fix namespace to be freeded via RCU
apparmor: rework namespace free path
apparmor: make free_profile available outside of policy.c
apparmor: allow setting any profile into the unconfined state
apparmor: provide the ability to boot with a default profile set on init
apparmor: fix fs extry display for default profile
apparmor: Add interface files for profiles and namespaces
FIX: collapse aa_fs_entry to a single entry instead of a null terminated array
apparmor: merge profile mode names
apparmor: fix the locking etc. in the new policy interface
apparmor: add an optional profile attachment string
apparmor: Add profile introspection file to interface
apparmor: update compatibility patch for RCU locking
FIX: more fixes to aafs/profiles file
apparmor: reuse name string from previous profile
apparmor: add basic support for implicit labeling of files
apparmor: directly free a label if it has not been added to a labelset
FIX: ensure label is only inserted if not already in tree
apparmor: baby step - now add labels to the labelset trees
FIX: ensure all profiles get added to the correct lists
apparmor: move replacedby to use labels instead of profiles
apparmor: introduce using labels from contexts
apparmor: add abilitiy to print labels and update interface to use
apparmor: rework auditing to use the label
apparmor: audit the profile and namespace for all messages
apparmor: treat each task as if the label can have mutiple entries
apparmor: use most recent label available, when possible.
apparmor: remove FLAG_MEDIATE_DELETED
apparmor: move aa_label_insert
apparmor: add a log fn to generate log message for each profile in a label
apparmor: add helper for getting the newest profile
apparmor: add the ability to create a new label based on merging 2 labels
apparmor: invalidate compound labels, and replace
apparmor: set up base labeling on sockets
apparmor: Add the ability to mediate mount
apparmor: convert mount to label instead of profile
apparmor: treat mount as if each task may have multi-profile labels
apparmor: implement profile-based query interface in apparmorfs
apparmor: update profile permission query interface to use labels
apparmor: fix returning -einval when should be no perms on query interface
apparmor: add a features/dbus dir to securityfs interface
security/apparmor/.gitignore | 1 +
security/apparmor/Kconfig | 35 ++
security/apparmor/Makefile | 42 ++-
security/apparmor/apparmorfs.c | 757 +++++++++++++++++++++++++++++++++++++-
security/apparmor/audit.c | 30 +-
security/apparmor/context.c | 122 ++++---
security/apparmor/domain.c | 123 ++++---
security/apparmor/file.c | 173 +++++----
security/apparmor/include/apparmor.h | 58 ++-
security/apparmor/include/apparmorfs.h | 39 ++
security/apparmor/include/audit.h | 21 +-
security/apparmor/include/context.h | 158 +++++---
security/apparmor/include/domain.h | 2 +
security/apparmor/include/file.h | 23 +-
security/apparmor/include/ipc.h | 4 +-
security/apparmor/include/label.h | 325 +++++++++++++++++
security/apparmor/include/match.h | 21 +-
security/apparmor/include/mount.h | 54 +++
security/apparmor/include/net.h | 54 +++
security/apparmor/include/path.h | 2 +-
security/apparmor/include/policy.h | 214 ++++++-----
security/apparmor/include/policy_unpack.h | 21 +-
security/apparmor/include/procattr.h | 3 +-
security/apparmor/include/resource.h | 4 +-
security/apparmor/include/sid.h | 4 +-
security/apparmor/ipc.c | 48 +--
security/apparmor/label.c | 1626 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
security/apparmor/lib.c | 37 +-
security/apparmor/lsm.c | 645 ++++++++++++++++++++++++++++-----
security/apparmor/match.c | 23 +-
security/apparmor/mount.c | 704 ++++++++++++++++++++++++++++++++++++
security/apparmor/net.c | 169 +++++++++
security/apparmor/path.c | 2 +-
security/apparmor/policy.c | 871 +++++++++++++++++++++++++++-----------------
security/apparmor/policy_unpack.c | 188 ++++++++--
security/apparmor/procattr.c | 57 +--
security/apparmor/resource.c | 91 +++--
37 files changed, 5790 insertions(+), 961 deletions(-)
create mode 100644 security/apparmor/include/label.h
create mode 100644 security/apparmor/include/mount.h
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/label.c
create mode 100644 security/apparmor/mount.c
create mode 100644 security/apparmor/net.c
UBUNTU SAUCE: apparmor: 3.8 backport provide file_inode helper 496ad9aa
support changes from commit 496ad9aa8ef448058e36ca7a787c61f2e63f0f54
UBUNTU SAUCE: apparmor: 3.6 backport revert uapi for capnames 43c422ed
partial revert of 43c422eda99b894f18d1cca17bcd2401efaf7bd0
UBUNTU SAUCE: apparmor: 3.6 backport revert uapi for resnames 8a1ab315
partial revert 8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498
UBUNTU SAUCE: apparmor: 3.6 backport define kuid_t d2b31ca64
support changes from commit d2b31ca644fdc8704de3367a6a56a5c958c77f53
UBUNTU SAUCE: apparmor: 3.6 backport kuid_t support for audit 2db81452
support changes from commit 2db81452931eb51cc739d6e495cf1bd4860c3c99
UBUNTU SAUCE: apparmor: 3.6 backport remove const from sb_mount 808d4e3c
partial revert of 808d4e3cfdcc52b19276175464f6dbca4df13b09
UBUNTU SAUCE: apparmor: 3.4 backport revert file_mmap e5467859
partial revert of e5467859f7f79b69fc49004403009dfdba3bec53
UBUNTU SAUCE: apparmor: 3.4 backport cap_mmap_addr d007794a
support changes from d007794a182bc072a7b7479909dbd0d67ba341be
UBUNTU SAUCE: apparmor: 3.4 backport fake no_new_privs 259e5e6c
support interface from 259e5e6c75a910f3b5e656151dc602f53f9d7548
c29bceb3967398cf2ac8bf8edf9634fdb722df7d
UBUNTU SAUCE: apparmor: 3.4 backport alias file_open 83d49856
add support for 83d498569e9a7a4b92c4c5d3566f2d6a604f28c9
It just bloats the audit data structure for no good reason, since the
only time those fields are filled are just before calling the
common_lsm_audit() function, which is also the only user of those
fields.
So just make them be the arguments to common_lsm_audit(), rather than
bloating that structure that is passed around everywhere, and is
initialized in hot paths.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix failure in aa_change_onexec api when the request is made from a confined
task. This failure was caused by two problems:
- The AA_MAY_ONEXEC perm was not being mapped correctly for this case.
- The executable name was being checked a second time instead of using the
  requested onexec profile name, which may not be the same as the exec
  profile name. This mistake cannot be exploited to grant extra permission
  because of the above flaw where the ONEXEC permission was not being mapped
  so it will not be granted.
BugLink: http://bugs.launchpad.net/bugs/963756
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Add the base support for the new policy extensions. This does not bring
any additional functionality, or change current semantics.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Move the path name lookup failure messages into the main path name lookup
routine, as the information is useful in more than just aa_path_perm.
Also rename aa_get_name to aa_path_name as it is not getting a reference
counted object with a corresponding put fn.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Update aa_dfa_match so that it doesn't result in an input string being
walked twice (once to get its length and another time to match)
Add a single step function
aa_dfa_next
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
When __d_path and d_absolute_path fail due to the name being outside of
the current namespace no name is reported. Use dentry_path to provide
some hint as to which file was being accessed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Post unpacking of policy a verification pass is made on x transition
indexes. When this fails a call to audit_iface is made resulting in an
oops, because audit_iface is expecting a valid buffer position but
since the failure comes from post unpack verification there is none.
Make the position argument optional so that audit_iface can be called
from post unpack verification.
Signed-off-by: John Johansen <john.johansen@canonical.com>
The returning of -ESTALE when a path lookup fails as disconnected is wrong.
Since AppArmor is rejecting the access return -EACCES instead.
This also fixes a bug in complain (learning) mode where disconnected paths
are denied because -ESTALE errors are not ignored causing failures that
can change application behavior.
Signed-off-by: John Johansen <john.johansen@canonical.com>
When a chroot relative pathname lookup fails it is falling through to
do a d_absolute_path lookup. This is incorrect as d_absolute_path should
only be used to look up names for namespace absolute paths.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
The mapping of AA_MAY_META_READ for the allow mask was also being mapped
to the audit and quiet masks. This would result in some operations being
audited when they should not.
This flaw was hidden by the previous audit bug which would drop some
messages that were supposed to be audited.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
If the xindex value stored in the accept tables is 0, the extraction of
that value will result in an underflow (0 - 4).
In properly compiled policy this should not happen for file rules but
it may be possible for other rule types in the future.
To exploit this underflow a user would have to be able to load a corrupt
policy, which requires CAP_MAC_ADMIN, overwrite system policy in kernel
memory or know of a compiler error resulting in the flaw being present
for loaded policy (no such flaw is known at this time).
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
The audit permission flag, that specifies an audit message should be
provided when an operation is allowed, was being ignored in some cases.
This is because the auto audit mode (which determines the audit mode from
system flags) was incorrectly assigned the same value as audit mode. The
shared value would result in messages that should be audited going through
a second evaluation as to whether they should be audited based on the
auto audit, resulting in some messages being dropped.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>