From cf797c0e5e312520b0b9f0367039fc0279a07a76 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Fri, 9 Jun 2017 02:08:28 -0700 Subject: apparmor: convert to profile block critical sections There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen --- security/apparmor/resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security/apparmor/resource.c') diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index ae66151fdc38..b26f1dac5106 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -90,7 +90,7 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, int error = 0; rcu_read_lock(); - task_profile = aa_get_profile(aa_cred_profile(__task_cred(task))); + task_profile = aa_get_newest_cred_profile((__task_cred(task))); rcu_read_unlock(); /* TODO: extend resource control to handle other (non current) -- cgit v1.2.3-59-g8ed1b