mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 09:12:07 +00:00
apparmor: replace misleading 'scrubbing environment' phrase in debug print
The wording of 'scrubbing environment' implied that all environment variables would be removed, when instead secure-execution mode only removes a small number of environment variables. This patch updates the wording to describe what actually occurs instead: setting AT_SECURE for ld.so's secure-execution mode. Link: https://gitlab.com/apparmor/apparmor/-/merge_requests/1315 is a merge request that does similar updating for apparmor userspace. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
parent
9133493a76
commit
8acf7ad02d
@ -714,8 +714,8 @@ static struct aa_label *profile_transition(const struct cred *subj_cred,
|
||||
|
||||
if (!(perms.xindex & AA_X_UNSAFE)) {
|
||||
if (DEBUG_ON) {
|
||||
dbg_printk("apparmor: scrubbing environment variables"
|
||||
" for %s profile=", name);
|
||||
dbg_printk("apparmor: setting AT_SECURE for %s profile=",
|
||||
name);
|
||||
aa_label_printk(new, GFP_KERNEL);
|
||||
dbg_printk("\n");
|
||||
}
|
||||
@ -794,8 +794,8 @@ static int profile_onexec(const struct cred *subj_cred,
|
||||
|
||||
if (!(perms.xindex & AA_X_UNSAFE)) {
|
||||
if (DEBUG_ON) {
|
||||
dbg_printk("apparmor: scrubbing environment "
|
||||
"variables for %s label=", xname);
|
||||
dbg_printk("apparmor: setting AT_SECURE for %s label=",
|
||||
xname);
|
||||
aa_label_printk(onexec, GFP_KERNEL);
|
||||
dbg_printk("\n");
|
||||
}
|
||||
@ -951,8 +951,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
|
||||
|
||||
if (unsafe) {
|
||||
if (DEBUG_ON) {
|
||||
dbg_printk("scrubbing environment variables for %s "
|
||||
"label=", bprm->filename);
|
||||
dbg_printk("setting AT_SECURE for %s label=",
|
||||
bprm->filename);
|
||||
aa_label_printk(new, GFP_KERNEL);
|
||||
dbg_printk("\n");
|
||||
}
|
||||
@ -962,8 +962,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
|
||||
if (label->proxy != new->proxy) {
|
||||
/* when transitioning clear unsafe personality bits */
|
||||
if (DEBUG_ON) {
|
||||
dbg_printk("apparmor: clearing unsafe personality "
|
||||
"bits. %s label=", bprm->filename);
|
||||
dbg_printk("apparmor: clearing unsafe personality bits. %s label=",
|
||||
bprm->filename);
|
||||
aa_label_printk(new, GFP_KERNEL);
|
||||
dbg_printk("\n");
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user