[PATCH] UBUNTU: SAUCE: Add checking for AppArmorFS creation failure.
Brad Figg
brad.figg at canonical.com
Mon Mar 23 23:51:24 UTC 2009
Bug: 344370
When the creation of the AppArmor FS fails the default_namespace is
free'd. However, this was not being checked for and was being used
anyway.
Signed-off-by: Brad Figg <brad.figg at canonical.com>
---
security/apparmor/main.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/security/apparmor/main.c b/security/apparmor/main.c
index 5f9c1cd..a0434da 100644
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -1219,11 +1219,13 @@ repeat:
sa.error_code = -EACCES;
new_profile = ERR_PTR(aa_audit_file(profile, &sa));
}
- } else {
+ } else if (default_namespace) {
/* Unconfined task, load profile if it exists */
new_profile = aa_register_find(NULL, NULL, filename, 0, 0, &sa);
if (new_profile == NULL)
goto cleanup;
+ } else {
+ goto cleanup;
}
if (IS_ERR(new_profile))
--
1.6.1.3
More information about the kernel-team
mailing list