diff options
author | John Johansen <john.johansen@canonical.com> | 2022-03-26 01:46:18 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2022-07-19 02:55:45 -0700 |
commit | c1ed5da197652318341fd36333d45e8e6d5c3359 (patch) | |
tree | 683644f81fe3f38082ddc519a8d7d798e183ab70 /security/apparmor/policy_unpack.c | |
parent | 2504db207146543736e877241f3b3de005cbe056 (diff) | |
download | linux-c1ed5da197652318341fd36333d45e8e6d5c3359.tar.bz2 |
apparmor: allow label to carry debug flags
Allow labels to have debug flags that can be used to trigger debug output
only from profiles/labels that are marked. This can help reduce debug
output by allowing debug to be target to a specific confinement condition.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r-- | security/apparmor/policy_unpack.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 302fecf9b197..55d31bac4f35 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -748,6 +748,10 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) goto fail; if (tmp & PACKED_FLAG_HAT) profile->label.flags |= FLAG_HAT; + if (tmp & PACKED_FLAG_DEBUG1) + profile->label.flags |= FLAG_DEBUG1; + if (tmp & PACKED_FLAG_DEBUG2) + profile->label.flags |= FLAG_DEBUG2; if (!unpack_u32(e, &tmp, NULL)) goto fail; if (tmp == PACKED_MODE_COMPLAIN || (e->version & FORCE_COMPLAIN_FLAG)) { |