diff options
| author | Ryan Lee <ryan.lee@canonical.com> | 2024-08-28 15:24:46 -0700 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2024-11-26 19:21:06 -0800 |
| commit | 8acf7ad02d1b1bc6dbb1fc78a295582d0d336502 (patch) | |
| tree | 92107a8777864a2826850f5c8c21686460bffa5d /security | |
| parent | 9133493a76d741e1ce00a140be3d2d7791ca3a04 (diff) | |
| download | lwn-8acf7ad02d1b1bc6dbb1fc78a295582d0d336502.tar.gz lwn-8acf7ad02d1b1bc6dbb1fc78a295582d0d336502.zip | |
apparmor: replace misleading 'scrubbing environment' phrase in debug print
The wording of 'scrubbing environment' implied that all environment
variables would be removed, when instead secure-execution mode only
removes a small number of environment variables. This patch updates the
wording to describe what actually occurs instead: setting AT_SECURE for
ld.so's secure-execution mode.
Link: https://gitlab.com/apparmor/apparmor/-/merge_requests/1315 is a
merge request that does similar updating for apparmor userspace.
Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/domain.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 8c18d72531f8..75d3bd02c067 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -714,8 +714,8 @@ create_learning_profile: if (!(perms.xindex & AA_X_UNSAFE)) { if (DEBUG_ON) { - dbg_printk("apparmor: scrubbing environment variables" - " for %s profile=", name); + dbg_printk("apparmor: setting AT_SECURE for %s profile=", + name); aa_label_printk(new, GFP_KERNEL); dbg_printk("\n"); } @@ -794,8 +794,8 @@ static int profile_onexec(const struct cred *subj_cred, if (!(perms.xindex & AA_X_UNSAFE)) { if (DEBUG_ON) { - dbg_printk("apparmor: scrubbing environment " - "variables for %s label=", xname); + dbg_printk("apparmor: setting AT_SECURE for %s label=", + xname); aa_label_printk(onexec, GFP_KERNEL); dbg_printk("\n"); } @@ -951,8 +951,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm) if (unsafe) { if (DEBUG_ON) { - dbg_printk("scrubbing environment variables for %s " - "label=", bprm->filename); + dbg_printk("setting AT_SECURE for %s label=", + bprm->filename); aa_label_printk(new, GFP_KERNEL); dbg_printk("\n"); } @@ -962,8 +962,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm) if (label->proxy != new->proxy) { /* when transitioning clear unsafe personality bits */ if (DEBUG_ON) { - dbg_printk("apparmor: clearing unsafe personality " - "bits. %s label=", bprm->filename); + dbg_printk("apparmor: clearing unsafe personality bits. %s label=", + bprm->filename); aa_label_printk(new, GFP_KERNEL); dbg_printk("\n"); } |