diff options
| author | Ryan Lee <[email protected]> | 2024-08-28 22:24:46 +0000 |
|---|---|---|
| committer | John Johansen <[email protected]> | 2024-11-27 03:21:06 +0000 |
| commit | 8acf7ad02d1b1bc6dbb1fc78a295582d0d336502 (patch) | |
| tree | 92107a8777864a2826850f5c8c21686460bffa5d | |
| parent | parser: drop dead code for XXX_comb macros (diff) | |
| download | kernel-8acf7ad02d1b1bc6dbb1fc78a295582d0d336502.tar.gz kernel-8acf7ad02d1b1bc6dbb1fc78a295582d0d336502.zip | |
apparmor: replace misleading 'scrubbing environment' phrase in debug print
The wording of 'scrubbing environment' implied that all environment
variables would be removed, when instead secure-execution mode only
removes a small number of environment variables. This patch updates the
wording to describe what actually occurs instead: setting AT_SECURE for
ld.so's secure-execution mode.
Link: https://gitlab.com/apparmor/apparmor/-/merge_requests/1315 is a
merge request that does similar updating for apparmor userspace.
Signed-off-by: Ryan Lee <[email protected]>
Signed-off-by: John Johansen <[email protected]>
| -rw-r--r-- | security/apparmor/domain.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 8c18d72531f8..75d3bd02c067 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -714,8 +714,8 @@ create_learning_profile: if (!(perms.xindex & AA_X_UNSAFE)) { if (DEBUG_ON) { - dbg_printk("apparmor: scrubbing environment variables" - " for %s profile=", name); + dbg_printk("apparmor: setting AT_SECURE for %s profile=", + name); aa_label_printk(new, GFP_KERNEL); dbg_printk("\n"); } @@ -794,8 +794,8 @@ static int profile_onexec(const struct cred *subj_cred, if (!(perms.xindex & AA_X_UNSAFE)) { if (DEBUG_ON) { - dbg_printk("apparmor: scrubbing environment " - "variables for %s label=", xname); + dbg_printk("apparmor: setting AT_SECURE for %s label=", + xname); aa_label_printk(onexec, GFP_KERNEL); dbg_printk("\n"); } @@ -951,8 +951,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm) if (unsafe) { if (DEBUG_ON) { - dbg_printk("scrubbing environment variables for %s " - "label=", bprm->filename); + dbg_printk("setting AT_SECURE for %s label=", + bprm->filename); aa_label_printk(new, GFP_KERNEL); dbg_printk("\n"); } @@ -962,8 +962,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm) if (label->proxy != new->proxy) { /* when transitioning clear unsafe personality bits */ if (DEBUG_ON) { - dbg_printk("apparmor: clearing unsafe personality " - "bits. %s label=", bprm->filename); + dbg_printk("apparmor: clearing unsafe personality bits. %s label=", + bprm->filename); aa_label_printk(new, GFP_KERNEL); dbg_printk("\n"); } |