Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3b404a51 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 

Pull apparmor bugfix from James Morris:
 "This has a fix for a policy replacement bug that is fairly serious for
  apache mod_apparmor users, as it results in the wrong policy being
  applied on an network facing service"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  apparmor: fix change_hat not finding hat after policy replacement
parents 8d1a2408 3d40658c

security/apparmor/domain.c

+4 −2
Original line number Diff line number Diff line
@@ -621,8 +621,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) 
	/* released below */

	cred = get_current_cred();

	cxt = cred_cxt(cred);

	profile = aa_cred_profile(cred);

	previous_profile = cxt->previous;

	profile = aa_get_newest_profile(aa_cred_profile(cred));

	previous_profile = aa_get_newest_profile(cxt->previous);



	if (unconfined(profile)) {

		info = "unconfined";
@@ -718,6 +718,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) 
out:

	aa_put_profile(hat);

	kfree(name);

	aa_put_profile(profile);

	aa_put_profile(previous_profile);

	put_cred(cred);



	return error;