apparmor: fail task profile update if current_cred isn't real_cred

Trying to update the task cred while the task current cred is not the real cred will result in an error at the cred layer. Avoid this by failing early and delaying the update. Signed-off-by: John Johansen <[email protected]>
vieko · Jan 16, 2017 · a20aa95 · a20aa95
1 parent b7fd2c0
commit a20aa95
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
@@ -100,6 +100,9 @@ int aa_replace_current_profile(struct aa_profile *profile)
 	if (cxt->profile == profile)
 		return 0;
 
+	if (current_cred() != current_real_cred())
+		return -EBUSY;
+
 	new  = prepare_creds();
 	if (!new)
 		return -ENOMEM;