summaryrefslogtreecommitdiff
path: root/security/apparmor/policy_unpack.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 02:08:28 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:34 -0700
commitcf797c0e5e312520b0b9f0367039fc0279a07a76 (patch)
tree68dc51534745fb230ec35e1d56bb158fb99b225b /security/apparmor/policy_unpack.c
parentfe864821d504f33f22b3ce2d5599ae95598db721 (diff)
downloadlwn-cf797c0e5e312520b0b9f0367039fc0279a07a76.tar.gz
lwn-cf797c0e5e312520b0b9f0367039fc0279a07a76.zip
apparmor: convert to profile block critical sections
There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r--security/apparmor/policy_unpack.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index e521df1bd1fb..cac69f2cb86d 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -107,7 +107,7 @@ static int audit_iface(struct aa_profile *new, const char *ns_name,
const char *name, const char *info, struct aa_ext *e,
int error)
{
- struct aa_profile *profile = __aa_current_profile();
+ struct aa_profile *profile = aa_current_raw_profile();
DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, NULL);
if (e)
aad(&sa)->iface.pos = e->pos - e->start;