diff options
author | John Johansen <john.johansen@canonical.com> | 2013-10-08 05:37:18 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2013-10-29 21:33:37 -0700 |
commit | dd0c6e86f66080869ca0a48c78fb9bfbe4cf156f (patch) | |
tree | f97984485d11517840063f8d5e78c39f9f292c00 /security/apparmor/lsm.c | |
parent | 50b719f811583a47762ecb7e480d253abc2eb22f (diff) | |
download | op-kernel-dev-dd0c6e86f66080869ca0a48c78fb9bfbe4cf156f.zip op-kernel-dev-dd0c6e86f66080869ca0a48c78fb9bfbe4cf156f.tar.gz |
apparmor: fix capability to not use the current task, during reporting
Mediation is based off of the cred but auditing includes the current
task which may not be related to the actual request.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lsm.c')
-rw-r--r-- | security/apparmor/lsm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index fb99e18..4257b7e 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -145,7 +145,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, if (!error) { profile = aa_cred_profile(cred); if (!unconfined(profile)) - error = aa_capable(current, profile, cap, audit); + error = aa_capable(profile, cap, audit); } return error; } |