summaryrefslogtreecommitdiffstats
path: root/security/apparmor/policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r--security/apparmor/policy.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index c07493ce2376..1590e2de4e84 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -268,7 +268,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy,
if (!aa_policy_init(&profile->base, NULL, hname, gfp))
goto fail;
- if (!aa_label_init(&profile->label, 1))
+ if (!aa_label_init(&profile->label, 1, gfp))
goto fail;
/* update being set needed by fs interface */
@@ -1008,6 +1008,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
audit_policy(label, op, ns_name, ent->new->base.hname,
"same as current profile, skipping",
error);
+ /* break refcount cycle with proxy. */
+ aa_put_proxy(ent->new->label.proxy);
+ ent->new->label.proxy = NULL;
goto skip;
}
@@ -1085,7 +1088,7 @@ fail:
* Remove a profile or sub namespace from the current namespace, so that
* they can not be found anymore and mark them as replaced by unconfined
*
- * NOTE: removing confinement does not restore rlimits to preconfinemnet values
+ * NOTE: removing confinement does not restore rlimits to preconfinement values
*
* Returns: size of data consume else error code if fails
*/
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-06 07:41:58 +0100