Commit ac9535d8 authored by Stefan Bader's avatar Stefan Bader

Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on cache check"

BugLink: https://bugs.launchpad.net/bugs/1658219

This reverts commit 97ac9e61 as it
is currently causing regressions in snaps which would break networking
for all core16 images.
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 37cb4a3b
...@@ -536,23 +536,18 @@ static int __file_path_perm(const char *op, struct aa_label *label, ...@@ -536,23 +536,18 @@ static int __file_path_perm(const char *op, struct aa_label *label,
error = fn_for_each_not_in_set(flabel, label, profile, error = fn_for_each_not_in_set(flabel, label, profile,
profile_path_perm(op, profile, &file->f_path, buffer, profile_path_perm(op, profile, &file->f_path, buffer,
request, &cond, flags, &perms)); request, &cond, flags, &perms));
if (denied && !error) { if (denied) {
/* check every profile in file label that was not tested /* check every profile in file label that was not tested
* in the initial check above. * in the initial check above.
*/ */
/* TODO: cache full perms so this only happens because of /* TODO: cache full perms so this only happens because of
* conditionals */ * conditionals */
/* TODO: don't audit here */ /* TODO: don't audit here */
if (label == flabel) last_error(error,
error = fn_for_each(label, profile, fn_for_each_not_in_set(label, flabel, profile,
profile_path_perm(op, profile, &file->f_path,
buffer, request, &cond, flags,
&perms));
else
error = fn_for_each_not_in_set(label, flabel, profile,
profile_path_perm(op, profile, &file->f_path, profile_path_perm(op, profile, &file->f_path,
buffer, request, &cond, flags, buffer, request, &cond, flags,
&perms)); &perms)));
} }
if (!error) if (!error)
update_file_ctx(file_ctx(file), label, request); update_file_ctx(file_ctx(file), label, request);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment