-
Committer:
John Johansen
-
Date:
2017-10-18 21:31:16 UTC
-
Revision ID:
john.johansen@canonical.com-20171018213116-ghm7bjqsn9m1uud2
Fix af_unix downgrade of network rules
with unix rules we output a downgraded rule compatible with network rules
so that policy will work on kernels that support network socket controls
but not the extended af_unix rules
however this is currently broken if the socket type is left unspecified
(initialized to -1), resulting in denials for kernels that don't support
the extended af_unix rules.
cherry-pick: lp:apparmor r3700
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: timeout