UBUNTU: SAUCE: apparmor4.0.0 [94/99]: apparmor: allocate xmatch for nullpdf inside aa_alloc_null

BugLink: https://bugs.launchpad.net/bugs/2086210 attach->xmatch was not set when allocating a null profile, which is used in complain mode to allocate a learning profile. This was causing downstream failures in find_attach, which expected a valid xmatch but did not find one under a certain sequence of profile transitions in complain mode. This patch ensures the xmatch is set up properly for null profiles. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Timo Aaltonen <timo.aaltonen@canonical.com> (cherry picked from commit 2de989ae726b14b6236fdb848563d607e12287b8 oracular:linux) Signed-off-by: Ryan Lee <ryan.lee@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Guoqing Jiang <guoqing.jiang@canonical.com> Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
2024-11-07 17:38:25 -08:00
parent ec19eb348a
commit 40dbd78758
1 changed files with 1 additions and 0 deletions
@@ -659,6 +659,7 @@ struct aa_profile *aa_alloc_null(struct aa_profile *parent, const char *name,

 	/* TODO: ideally we should inherit abi from parent */
 	profile->label.flags |= FLAG_NULL;
+	profile->attach.xmatch = aa_get_pdb(nullpdb);
 	rules = list_first_entry(&profile->rules, typeof(*rules), list);
 	rules->file = aa_get_pdb(nullpdb);
 	rules->policy = aa_get_pdb(nullpdb);