diff options
| author |   Linus Torvalds <torvalds@linux-foundation.org> | 2019-12-03 12:51:35 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-12-03 12:51:35 -0800 |
| commit | 79e178a57dae819ae724065b47c25720494cc9f2 (patch) | |
| tree | 821bf3adee5ad86ba88d2ed25f2131854aa10147 /security/apparmor/policy.c | |
| parent | Merge tag 's390-5.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux (diff) | |
| parent | apparmor: make it so work buffers can be allocated from atomic context (diff) | |
| download | linux-dev-79e178a57dae819ae724065b47c25720494cc9f2.tar.xz linux-dev-79e178a57dae819ae724065b47c25720494cc9f2.zip | |
Merge tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
Pull apparmor updates from John Johansen:
"Features:
- increase left match history buffer size to provide improved
conflict resolution in overlapping execution rules.
- switch buffer allocation to use a memory pool and GFP_KERNEL where
possible.
- add compression of policy blobs to reduce memory usage.
Cleanups:
- fix spelling mistake "immutible" -> "immutable"
Bug fixes:
- fix unsigned len comparison in update_for_len macro
- fix sparse warning for type-casting of current->real_cred"
* tag 'apparmor-pr-2019-12-03' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: make it so work buffers can be allocated from atomic context
apparmor: reduce rcu_read_lock scope for aa_file_perm mediation
apparmor: fix wrong buffer allocation in aa_new_mount
apparmor: fix unsigned len comparison with less than zero
apparmor: increase left match history buffer size
apparmor: Switch to GFP_KERNEL where possible
apparmor: Use a memory pool instead per-CPU caches
apparmor: Force type-casting of current->real_cred
apparmor: fix spelling mistake "immutible" -> "immutable"
apparmor: fix blob compression when ns is forced on a policy load
apparmor: fix missing ZLIB defines
apparmor: fix blob compression build failure on ppc
apparmor: Initial implementation of raw policy blob compression
Diffstat (limited to 'security/apparmor/policy.c')
| -rw-r--r-- | security/apparmor/policy.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index ade333074c8e..03104830c913 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -582,7 +582,7 @@ static int replacement_allowed(struct aa_profile *profile, int noreplace, { if (profile) { if (profile->label.flags & FLAG_IMMUTIBLE) { - *info = "cannot replace immutible profile"; + *info = "cannot replace immutable profile"; return -EPERM; } else if (noreplace) { *info = "profile already exists"; @@ -856,7 +856,7 @@ static struct aa_profile *update_to_newest_parent(struct aa_profile *new) ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, u32 mask, struct aa_loaddata *udata) { - const char *ns_name, *info = NULL; + const char *ns_name = NULL, *info = NULL; struct aa_ns *ns = NULL; struct aa_load_ent *ent, *tmp; struct aa_loaddata *rawdata_ent; @@ -1043,6 +1043,7 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, out: aa_put_ns(ns); aa_put_loaddata(udata); + kfree(ns_name); if (error) return error; |