apparmor: force auditing of conflicting attachment execs from confined

Conflicting attachment paths are an error state that result in the binary in question executing under an unexpected ix/ux fallback. As such, it should be audited to record the occurrence of conflicting attachments. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: Ryan Lee <ryan.lee@canonical.com> 2025-05-02 03:55:46 +0300
committer: John Johansen <john.johansen@canonical.com> 2025-05-26 06:15:01 +0300
commit: 16916b17b4f80f99aad2ad29ad112313539ad219 (patch)
tree: 0c1053f92a6b8793f41c468cc28cafa9084f0696
parent: b824b5f82bbc8ace0982391a1718b04a1f93346e (diff)
download: linux-16916b17b4f80f99aad2ad29ad112313539ad219.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index b5e1defbd4ac..f9370a63a83c 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -729,6 +729,15 @@ static struct aa_label *profile_transition(const struct cred *subj_cred,
 		new = x_to_label(profile, bprm, name, perms.xindex, &target,
 				 &info);
 		if (new && new->proxy == profile->label.proxy && info) {
+			/* Force audit on conflicting attachment fallback
+			 * Because perms is never used again after this audit
+			 * we don't need to care about clobbering it
+			 */
+			if (info == CONFLICTING_ATTACH_STR_IX
+			    || info == CONFLICTING_ATTACH_STR_UX) {
+				perms.audit |= MAY_EXEC;
+				perms.allow |= MAY_EXEC;
+			}
 			/* hack ix fallback - improve how this is detected */
 			goto audit;
 		} else if (!new) {
author	Ryan Lee <ryan.lee@canonical.com>	2025-05-02 03:55:46 +0300
committer	John Johansen <john.johansen@canonical.com>	2025-05-26 06:15:01 +0300
commit	16916b17b4f80f99aad2ad29ad112313539ad219 (patch)
tree	0c1053f92a6b8793f41c468cc28cafa9084f0696
parent	b824b5f82bbc8ace0982391a1718b04a1f93346e (diff)
download	linux-16916b17b4f80f99aad2ad29ad112313539ad219.tar.xz