author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-11-21 15:27:41 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-11-21 15:27:41 -0800 |
commit | 3b404a519815b9820f73f1ecf404e5546c9270ba (patch) | |
tree | aaa2975ab06a0f6f24bf21906577f5f065c48d98 | |
parent | 8d1a2408efa6a5e75f4c968351a240425c3fa0e5 (diff) | |
parent | 3d40658c977769ce2138f286cf131537bf68bdfe (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull apparmor bugfix from James Morris:
"This has a fix for a policy replacement bug that is fairly serious for
apache mod_apparmor users, as it results in the wrong policy being
applied on a network facing service"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
apparmor: fix change_hat not finding hat after policy replacement
-rw-r--r-- | security/apparmor/domain.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index fc3036b34e51..a4d90aa1045a 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -621,8 +621,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) /* released below */ cred = get_current_cred(); cxt = cred_cxt(cred); - profile = aa_cred_profile(cred); - previous_profile = cxt->previous; + profile = aa_get_newest_profile(aa_cred_profile(cred)); + previous_profile = aa_get_newest_profile(cxt->previous); if (unconfined(profile)) { info = "unconfined"; @@ -718,6 +718,8 @@ audit: out: aa_put_profile(hat); kfree(name); + aa_put_profile(profile); + aa_put_profile(previous_profile); put_cred(cred); return error; |
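Review bot: In the hunk at -621, the two aa_get_newest_profile() calls turn plain pointer reads into references that the second hunk has to drop, so any exit after these assignments that does not pass through `out:` would leak them. The lines between this hunk and -718 are not shown here; please confirm that every path after the assignments ends at `out:`, and extend the existing `/* released below */` comment so it names profile and previous_profile as well as cred.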
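Review bot: In the hunk at -718, aa_put_profile(previous_profile) runs unconditionally at `out:`, but previous_profile is derived from cxt->previous and nothing in the visible lines shows that field is always set. Either note in a comment that aa_get_newest_profile() and aa_put_profile() accept a NULL profile, or guard the two calls, so the next reader does not have to check the helpers to see that this path is safe.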