apparmor: replace misleading 'scrubbing environment' phrase in debug print

The wording of 'scrubbing environment' implied that all environment
variables would be removed, when instead secure-execution mode only
removes a small number of environment variables. This patch updates the
wording to describe what actually occurs instead: setting AT_SECURE for
ld.so's secure-execution mode.

Link: https://gitlab.com/apparmor/apparmor/-/merge_requests/1315
merge request that does similar updating for apparmor userspace.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 8c18d72531f86d4a80d3318e9c9aefdaba4c3b43..75d3bd02c0674ee8b66e8dc4f58e8c9423b9eb68 100644 (file)
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -714,8 +714,8 @@ create_learning_profile:
 
        if (!(perms.xindex & AA_X_UNSAFE)) {
                if (DEBUG_ON) {
-                       dbg_printk("apparmor: scrubbing environment variables"
-                                  " for %s profile=", name);
+                       dbg_printk("apparmor: setting AT_SECURE for %s profile=",
+                                  name);
                        aa_label_printk(new, GFP_KERNEL);
                        dbg_printk("\n");
                }
@@ -794,8 +794,8 @@ static int profile_onexec(const struct cred *subj_cred,
 
        if (!(perms.xindex & AA_X_UNSAFE)) {
                if (DEBUG_ON) {
-                       dbg_printk("apparmor: scrubbing environment "
-                                  "variables for %s label=", xname);
+                       dbg_printk("apparmor: setting AT_SECURE for %s label=",
+                                  xname);
                        aa_label_printk(onexec, GFP_KERNEL);
                        dbg_printk("\n");
                }
@@ -951,8 +951,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
 
        if (unsafe) {
                if (DEBUG_ON) {
-                       dbg_printk("scrubbing environment variables for %s "
-                                  "label=", bprm->filename);
+                       dbg_printk("setting AT_SECURE for %s label=",
+                                  bprm->filename);
                        aa_label_printk(new, GFP_KERNEL);
                        dbg_printk("\n");
                }
@@ -962,8 +962,8 @@ int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm)
        if (label->proxy != new->proxy) {
                /* when transitioning clear unsafe personality bits */
                if (DEBUG_ON) {
-                       dbg_printk("apparmor: clearing unsafe personality "
-                                  "bits. %s label=", bprm->filename);
+                       dbg_printk("apparmor: clearing unsafe personality bits. %s label=",
+                                  bprm->filename);
                        aa_label_printk(new, GFP_KERNEL);
                        dbg_printk("\n");
                }