From cf797c0e5e312520b0b9f0367039fc0279a07a76 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Fri, 9 Jun 2017 02:08:28 -0700 Subject: apparmor: convert to profile block critical sections There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen --- security/apparmor/procattr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security/apparmor/procattr.c') diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index 3466a27bca09..41b7b64a906b 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -41,7 +41,7 @@ int aa_getprocattr(struct aa_profile *profile, char **string) const char *mode_str = aa_profile_mode_names[profile->mode]; const char *ns_name = NULL; struct aa_ns *ns = profile->ns; - struct aa_ns *current_ns = __aa_current_profile()->ns; + struct aa_ns *current_ns = aa_get_current_ns(); char *s; if (!aa_ns_visible(current_ns, ns, true)) @@ -75,6 +75,7 @@ int aa_getprocattr(struct aa_profile *profile, char **string) else sprintf(s, "%s (%s)\n", profile->base.hname, mode_str); *string = str; + aa_put_ns(current_ns); /* NOTE: len does not include \0 of string, not saved as part of file */ return len; -- cgit v1.2.3