apparmor: fail task profile update if current_cred isn't real_cred

Trying to update the task cred while the task current cred is not the real cred will result in an error at the cred layer. Avoid this by failing early and delaying the update. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2017-01-16 00:42:59 -0800
committer: John Johansen <john.johansen@canonical.com> 2017-01-16 01:18:45 -0800
commit: a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12 (patch)
tree: b3a7316e235e2281d0e02a958dc6d29b63ada8f7 /security/apparmor
parent: b7fd2c0340eacbee892425e9007647568b7f2a3c (diff)
download: talos-obmc-linux-a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12.tar.gz
talos-obmc-linux-a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index 3c4f534ef88c..3f32f594c999 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -100,6 +100,9 @@ int aa_replace_current_profile(struct aa_profile *profile)
 	if (cxt->profile == profile)
 		return 0;
 
+	if (current_cred() != current_real_cred())
+		return -EBUSY;
+
 	new  = prepare_creds();
 	if (!new)
 		return -ENOMEM;
author	John Johansen <john.johansen@canonical.com>	2017-01-16 00:42:59 -0800
committer	John Johansen <john.johansen@canonical.com>	2017-01-16 01:18:45 -0800
commit	a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12 (patch)
tree	b3a7316e235e2281d0e02a958dc6d29b63ada8f7 /security/apparmor
parent	b7fd2c0340eacbee892425e9007647568b7f2a3c (diff)
download	talos-obmc-linux-a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12.tar.gz talos-obmc-linux-a20aa95fbe1abb4c6f333a1f55e9fd15b01c7f12.zip