authorMassimiliano Pellizzer <massimiliano.pellizzer@canonical.com>2026-01-20 17:24:05 +0300
committerJohn Johansen <john.johansen@canonical.com>2026-02-24 07:58:07 +0300
commit8813837aa7f5f5a262a5ebc1a1a2a3a5ec818c70 (patch)
treeaaf0ce6ac05a16e07a72bea9de4e791fcfce5f11
parent4afc61702bdcc3b9b519749ef966cf762a6e7051 (diff)
apparmor: return error on namespace mismatch in verify_header
When profiles in a multi-profile load specify different namespaces, the audit record is generated but execution continues, causing the function to return success. This violates the load requirement that all profiles must target the same namespace. Add the missing return statement after auditing the error. Reported-by: Qualys Security Advisory <qsa@qualys.com> Fixes: dd51c8485763 ("apparmor: provide base for multiple profiles to be replaced at once") Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/policy_unpack.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 1769417a9962..ff517bc7e275 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -1440,6 +1440,7 @@ static int verify_header(struct aa_ext *e, int required, const char **ns)
if (*ns && strcmp(*ns, name)) {
audit_iface(NULL, NULL, NULL, "invalid ns change", e,
error);
+ return error;
} else if (!*ns) {
*ns = kstrdup(name, GFP_KERNEL);
if (!*ns)
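Review bot: The new `return error;` in the `strcmp(*ns, name)` branch exits while `*ns` still holds the string that an earlier header's `kstrdup()` allocated, so this path relies on the caller freeing `*ns` when verify_header fails. The caller is not visible in this hunk, so that cleanup is worth confirming, since the branch is reached from policy data supplied at load time. The value of `error` is also assigned outside the hunk, so a one-line comment above the return would make the intent clear, e.g. `/* all profiles in one load must target the same ns: reject the load */`. With the return in place, the following `else if (!*ns)` could become a plain `if (!*ns)`, the usual kernel style after a return. verify_header's body starts and ends outside the hunk.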