Merge fix setting proc_attr_base

There is currently a case in which proc_attr_base won't get set when asprintf is able to generate the path, but the file doesn't exist, it will exit proc_attr_base_init_once() without proc_attr_base having been set as the fall-through if/else logic will get bypassed when asprintf is successful.

Without this fix, various commands like aa-status will not properly display which processes have an apparmor profile enforced because it proc_attr_base will always be NULL and therefore the proc attr path won't be able to be generated.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/701
Acked-by: John Johansen <john.johansen@canonical.com>

libraries/libapparmor/src/kernel.c

@@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
 	/* if we fail we just fall back to the default value */
 	if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
 		autoclose int fd = open(tmp, O_RDONLY);
-		if (fd != -1)
+		if (fd != -1) {
 			proc_attr_base = proc_attr_base_stacking;
-	} else if (!is_enabled() && is_private_enabled()) {
-		/* new stacking interfaces aren't available and apparmor
-		 * is disabled, but available. do not use the
-		 * /proc/<pid>/attr/ * interfaces as they could be
-		 * in use by another LSM
-		 */
-		proc_attr_base = proc_attr_base_unavailable;
-	} else {
-		proc_attr_base = proc_attr_base_old;
+			return;
+		}
 	}
+	if (!is_enabled() && is_private_enabled()) {
+		/* new stacking interfaces aren't available and apparmor
+		* is disabled, but available. do not use the
+		* /proc/<pid>/attr/ * interfaces as they could be
+		* in use by another LSM
+		*/
+		proc_attr_base = proc_attr_base_unavailable;
+		return;
+	}
+	proc_attr_base = proc_attr_base_old;
 }
 
 static char *procattr_path(pid_t pid, const char *attr)