summaryrefslogtreecommitdiffstats
path: root/security/apparmor/resource.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 11:08:28 +0200
committerJohn Johansen <john.johansen@canonical.com>2017-06-11 02:11:34 +0200
commitcf797c0e5e312520b0b9f0367039fc0279a07a76 (patch)
tree68dc51534745fb230ec35e1d56bb158fb99b225b /security/apparmor/resource.c
parentapparmor: move bprm_committing_creds/committed_creds to lsm.c (diff)
downloadlinux-cf797c0e5e312520b0b9f0367039fc0279a07a76.tar.xz
linux-cf797c0e5e312520b0b9f0367039fc0279a07a76.zip
apparmor: convert to profile block critical sections
There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/resource.c')
-rw-r--r--security/apparmor/resource.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index ae66151fdc38..b26f1dac5106 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -90,7 +90,7 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
int error = 0;
rcu_read_lock();
- task_profile = aa_get_profile(aa_cred_profile(__task_cred(task)));
+ task_profile = aa_get_newest_cred_profile((__task_cred(task)));
rcu_read_unlock();
/* TODO: extend resource control to handle other (non current)