diff options
author | John Johansen <john.johansen@canonical.com> | 2017-06-09 02:08:28 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:34 -0700 |
commit | cf797c0e5e312520b0b9f0367039fc0279a07a76 (patch) | |
tree | 68dc51534745fb230ec35e1d56bb158fb99b225b /security/apparmor/policy_unpack.c | |
parent | fe864821d504f33f22b3ce2d5599ae95598db721 (diff) | |
download | lwn-cf797c0e5e312520b0b9f0367039fc0279a07a76.tar.gz lwn-cf797c0e5e312520b0b9f0367039fc0279a07a76.zip |
apparmor: convert to profile block critical sections
There are still a few places where profile replacement fails to update
and a stale profile is used for mediation. Fix this by moving to
accessing the current label through a critical section that will
always ensure mediation is using the current label regardless of
whether the tasks cred has been updated or not.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r-- | security/apparmor/policy_unpack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index e521df1bd1fb..cac69f2cb86d 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -107,7 +107,7 @@ static int audit_iface(struct aa_profile *new, const char *ns_name, const char *name, const char *info, struct aa_ext *e, int error) { - struct aa_profile *profile = __aa_current_profile(); + struct aa_profile *profile = aa_current_raw_profile(); DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, NULL); if (e) aad(&sa)->iface.pos = e->pos - e->start; |