apparmor: fix test error: WARNING in apparmor_unix_stream_connect

commit 88fec3526e84 ("apparmor: make sure unix socket labeling is correctly updated.") added the use of security_sk_alloc() which ensures the sk label is initialized. This means that the AA_BUG in apparmor_unix_stream_connect() is no longer correct, because while the sk is still not being initialized by going through post_create, it is now initialize in sk_alloc(). Remove the now invalid check. Reported-by: syzbot+cd38ee04bcb3866b0c6d@syzkaller.appspotmail.com Fixes: 88fec3526e84 ("apparmor: make sure unix socket labeling is correctly updated.") Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2025-07-30 03:08:29 -0700
committer: John Johansen <john.johansen@canonical.com> 2025-07-30 05:00:47 -0700
commit: f3c0675bb9e0a3a472dd519ec7ccde23bdcf180b (patch)
tree: 8ecefcd761fe3aee6a658488b43e9ed19438c3e6
parent: 8936125e232803e64cb29e107326a942981188d6 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 9a64b2db0267..e4b2944431e4 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1205,8 +1205,9 @@ static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
 	if (error)
 		return error;
 
-	/* newsk doesn't go through post_create */
-	AA_BUG(rcu_access_pointer(new_ctx->label));
+	/* newsk doesn't go through post_create, but does go through
+	 * security_sk_alloc()
+	 */
 	rcu_assign_pointer(new_ctx->label,
 			   aa_get_label(rcu_dereference_protected(peer_ctx->label,
 								  true)));
author	John Johansen <john.johansen@canonical.com>	2025-07-30 03:08:29 -0700
committer	John Johansen <john.johansen@canonical.com>	2025-07-30 05:00:47 -0700
commit	f3c0675bb9e0a3a472dd519ec7ccde23bdcf180b (patch)
tree	8ecefcd761fe3aee6a658488b43e9ed19438c3e6
parent	8936125e232803e64cb29e107326a942981188d6 (diff)