diff options
author | John Johansen <john.johansen@canonical.com> | 2021-04-03 20:07:37 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2021-11-01 21:05:40 +0100 |
commit | dc155617fa5bf5bddbeb99dc781dd011ed23b90f (patch) | |
tree | 48de76d59c8d2d2d99822d553319cbfb97a6f753 /security | |
parent | apparmor: fix error check (diff) | |
download | linux-dc155617fa5bf5bddbeb99dc781dd011ed23b90f.tar.xz linux-dc155617fa5bf5bddbeb99dc781dd011ed23b90f.zip |
apparmor: Fix internal policy capable check for policy management
The check was incorrectly treating a returned error as a boolean.
Fixes: 31ec99e13346 ("apparmor: switch to apparmor to internal capable check for policy management")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 9ce93966401a..4da4f3df9d4a 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -678,7 +678,7 @@ bool aa_policy_view_capable(struct aa_label *label, struct aa_ns *ns) bool aa_policy_admin_capable(struct aa_label *label, struct aa_ns *ns) { struct user_namespace *user_ns = current_user_ns(); - bool capable = policy_ns_capable(label, user_ns, CAP_MAC_ADMIN); + bool capable = policy_ns_capable(label, user_ns, CAP_MAC_ADMIN) == 0; AA_DEBUG("cap_mac_admin? %d\n", capable); AA_DEBUG("policy locked? %d\n", aa_g_lock_policy); |