apparmor: fix auditing of domain transition failures due to incomplete policy
authorJohn Johansen <john.johansen@canonical.com>
Mon, 18 Feb 2013 23:59:34 +0000 (15:59 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Sun, 28 Apr 2013 07:35:04 +0000 (00:35 -0700)
commit17322cc3f9ba578f20b5c09fb1630bd234040008
tree42c688a31cc21a559b3cb48353be21f9bc31ef1d
parentb7ae9f064bec903bd4a9f257a35da4d1e9bbcc99
apparmor: fix auditing of domain transition failures due to incomplete policy

When policy specifies a transition to a profile that is not currently
loaded, it result in exec being denied.  However the failure is not being
audited correctly because the audit code is treating this as an allowed
permission and thus not reporting it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
security/apparmor/domain.c