author | John Johansen <john.johansen@canonical.com> | 2017-06-04 12:22:22 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:32 -0700 |
commit | 60285eb3e7c8827e00e2f2b54561a8cca07d802f (patch) | |
tree | 3f4ea89339e63e1a522e0d6d814f64348e555e5e /security/apparmor/apparmorfs.c | |
parent | 3664268f19ea07bec55df92fe53ff9ed28968bcc (diff) | |
apparmor: fix policy load/remove semantics
The namespace being passed into the replace/remove profiles fns() is
not the view, but the namespace specified by the inode from the
file hook (if present) or the loading task's ns, if accessing the
top level virtualized load/replace file interface.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/apparmorfs.c')
-rw-r--r-- | security/apparmor/apparmorfs.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 105a1da57b8f..4f4cd98d2b3b 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -418,8 +418,7 @@ static ssize_t policy_update(u32 mask, const char __user *buf, size_t size,
 data = aa_simple_write_to_buffer(buf, size, size, pos);
 error = PTR_ERR(data);
 if (!IS_ERR(data)) {
- error = aa_replace_profiles(ns ? ns : profile->ns, profile,
- mask, data);
+ error = aa_replace_profiles(ns, profile, mask, data);
 aa_put_loaddata(data);
 }
@@ -486,8 +485,7 @@ static ssize_t profile_remove(struct file *f, const char __user *buf,
 error = PTR_ERR(data);
 if (!IS_ERR(data)) {
 data->data[size] = 0;
- error = aa_remove_profiles(ns ? ns : profile->ns, profile,
- data->data, size);
+ error = aa_remove_profiles(ns, profile, data->data, size);
 aa_put_loaddata(data);
 }
 out: |
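Review bot: The calls in `policy_update()` and `profile_remove()` no longer show that `ns` may be NULL, although the removed `ns ? ns : profile->ns` fallback implies it can be, and the commit message describes a top-level load/replace interface that has no inode-specified namespace. The diffstat on this page is limited to apparmorfs.c, so it is not visible here whether `aa_replace_profiles()` and `aa_remove_profiles()` resolve a NULL namespace themselves. That is presumably done in the callee and should be confirmed, together with whether any policy-management permission check earlier in these functions (outside the hunks) is evaluated against the same namespace the callee ends up using. A short comment at each call would keep the contract visible, e.g. `/* ns may be NULL: callee falls back to the loading task's namespace */`. Both function bodies start and end outside the hunks.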