summaryrefslogtreecommitdiffstats
path: root/security/apparmor/procattr.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 11:08:28 +0200
committerJohn Johansen <john.johansen@canonical.com>2017-06-11 02:11:34 +0200
commitcf797c0e5e312520b0b9f0367039fc0279a07a76 (patch)
tree68dc51534745fb230ec35e1d56bb158fb99b225b /security/apparmor/procattr.c
parentapparmor: move bprm_committing_creds/committed_creds to lsm.c (diff)
downloadlinux-cf797c0e5e312520b0b9f0367039fc0279a07a76.tar.xz
linux-cf797c0e5e312520b0b9f0367039fc0279a07a76.zip
apparmor: convert to profile block critical sections
There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/procattr.c')
-rw-r--r--security/apparmor/procattr.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index 3466a27bca09..41b7b64a906b 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -41,7 +41,7 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
const char *mode_str = aa_profile_mode_names[profile->mode];
const char *ns_name = NULL;
struct aa_ns *ns = profile->ns;
- struct aa_ns *current_ns = __aa_current_profile()->ns;
+ struct aa_ns *current_ns = aa_get_current_ns();
char *s;
if (!aa_ns_visible(current_ns, ns, true))
@@ -75,6 +75,7 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
else
sprintf(s, "%s (%s)\n", profile->base.hname, mode_str);
*string = str;
+ aa_put_ns(current_ns);
/* NOTE: len does not include \0 of string, not saved as part of file */
return len;