From c70c86c421427fd8487867de66c4104b15abd772 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 9 Jun 2017 14:07:02 -0700
Subject: apparmor: move capability checks to using labels

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/resource.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'security/apparmor/resource.c')

diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index ab8e104c1970..2474ee0b3467 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -100,7 +100,7 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
 	 * task has CAP_SYS_RESOURCE.
 	 */
 	if ((profile != labels_profile(task_label) &&
-	     aa_capable(profile, CAP_SYS_RESOURCE, 1)) ||
+	     aa_capable(&profile->label, CAP_SYS_RESOURCE, 1)) ||
 	    (profile->rlimits.mask & (1 << resource) &&
 	     new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
 		error = -EACCES;
-- 
cgit v1.2.3