apparmor: convert to profile block critical sections

There are still a few places where profile replacement fails to update and a stale profile is used for mediation. Fix this by moving to accessing the current label through a critical section that will always ensure mediation is using the current label regardless of whether the tasks cred has been updated or not. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2017-06-09 02:08:28 -0700
committer: John Johansen <john.johansen@canonical.com> 2017-06-10 17:11:34 -0700
commit: cf797c0e5e312520b0b9f0367039fc0279a07a76 (patch)
tree: 68dc51534745fb230ec35e1d56bb158fb99b225b /security/apparmor/policy_unpack.c
parent: fe864821d504f33f22b3ce2d5599ae95598db721 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index e521df1bd1fb..cac69f2cb86d 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -107,7 +107,7 @@ static int audit_iface(struct aa_profile *new, const char *ns_name,
 		       const char *name, const char *info, struct aa_ext *e,
 		       int error)
 {
-	struct aa_profile *profile = __aa_current_profile();
+	struct aa_profile *profile = aa_current_raw_profile();
 	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, NULL);
 	if (e)
 		aad(&sa)->iface.pos = e->pos - e->start;
author	John Johansen <john.johansen@canonical.com>	2017-06-09 02:08:28 -0700
committer	John Johansen <john.johansen@canonical.com>	2017-06-10 17:11:34 -0700
commit	cf797c0e5e312520b0b9f0367039fc0279a07a76 (patch)
tree	68dc51534745fb230ec35e1d56bb158fb99b225b /security/apparmor/policy_unpack.c
parent	fe864821d504f33f22b3ce2d5599ae95598db721 (diff)