authorJohn Johansen <john.johansen@canonical.com>2017-01-16 00:42:59 -0800
committerJohn Johansen <john.johansen@canonical.com>2017-01-16 01:18:45 -0800
commita20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12 (patch)
treeb3a7316e235e2281d0e02a958dc6d29b63ada8f7
parentb7fd2c0340eacbee892425e9007647568b7f2a3c (diff)
apparmor: fail task profile update if current_cred isn't real_cred
Trying to update the task cred while the task current cred is not the real cred will result in an error at the cred layer. Avoid this by failing early and delaying the update. Signed-off-by: John Johansen <john.johansen@canonical.com>
-rw-r--r--security/apparmor/context.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 3c4f534ef88c..3f32f594c999 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -100,6 +100,9 @@ int aa_replace_current_profile(struct aa_profile *profile)
if (cxt->profile == profile)
return 0;
+ if (current_cred() != current_real_cred())
+ return -EBUSY;
+
new = prepare_creds();
if (!new)
return -ENOMEM;
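Review bot: The new `-EBUSY` return at the `current_cred() != current_real_cred()` check is undocumented and leaves the task on its old profile. The commit message speaks of delaying the update, but nothing in this hunk queues or retries it, so that responsibility presumably falls on the callers. I would add a comment above the check, e.g. `/* creds are overridden; new creds cannot be committed now - caller must retry the profile update later */`, and list `-EBUSY` among the return values in the function's header comment. It is also worth confirming that every caller of aa_replace_current_profile() checks the return value, since an ignored failure means the intended confinement change silently does not happen. The function body starts and ends outside the hunk, so the header comment and the commit path are not visible here.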