Merge fix setting proc_attr_base

There is currently a case in which proc_attr_base won't get set when asprintf is able to generate the path, but the file doesn't exist, it will exit proc_attr_base_init_once() without proc_attr_base having been set as the fall-through if/else logic will get bypassed when asprintf is successful. Without this fix, various commands like aa-status will not properly display which processes have an apparmor profile enforced because it proc_attr_base will always be NULL and therefore the proc attr path won't be able to be generated. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/701 Acked-by: John Johansen <john.johansen@canonical.com>
2025-03-04 08:24:42 +01:00 · 2021-01-22 20:46:01 +00:00 · 2021-01-22 20:46:01 +00:00 · cb65ab92d0
commit cb65ab92d0
parent d86b7acd31 cc113f4820
1 changed files with 13 additions and 10 deletions
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
 	/* if we fail we just fall back to the default value */
 	if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
 		autoclose int fd = open(tmp, O_RDONLY);
-		if (fd != -1)
+		if (fd != -1) {
 			proc_attr_base = proc_attr_base_stacking;
-	} else if (!is_enabled() && is_private_enabled()) {
+			return;
+		}
+	}
+	if (!is_enabled() && is_private_enabled()) {
 		/* new stacking interfaces aren't available and apparmor
 		* is disabled, but available. do not use the
 		* /proc/<pid>/attr/ * interfaces as they could be
 		* in use by another LSM
 		*/
 		proc_attr_base = proc_attr_base_unavailable;
-	} else {
-		proc_attr_base = proc_attr_base_old;
+		return;
 	}
+	proc_attr_base = proc_attr_base_old;
 }

 static char *procattr_path(pid_t pid, const char *attr)