WSL2-Linux-Kernel/security/apparmor
John Johansen 3d40658c97 apparmor: fix change_hat not finding hat after policy replacement
After a policy replacement, the task cred may be out of date and need
to be updated. However change_hat is using the stale profiles from
the out of date cred resulting in either: a stale profile being applied
or, incorrect failure when searching for a hat profile as it has been
migrated to the new parent profile.

Fixes: 01e2b670aa (failure to find hat)
Fixes: 898127c34e (stale policy being applied)
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000287
Cc: stable@vger.kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2016-11-21 18:01:28 +11:00
..
include apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
.gitignore AppArmor: remove af_names.h from .gitignore 2012-09-01 08:35:34 -07:00
Kconfig apparmor: add parameter to control whether policy hashing is used 2016-07-12 08:43:10 -07:00
Makefile apparmor: add the ability to report a sha1 hash of loaded policy 2013-08-14 11:42:08 -07:00
apparmorfs.c fs: Replace CURRENT_TIME with current_time() for inode timestamps 2016-09-27 21:06:21 -04:00
audit.c apparmor: fix uninitialized lsm_audit member 2016-07-12 08:43:10 -07:00
capability.c apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
context.c apparmor: change how profile replacement update is done 2013-08-14 11:42:06 -07:00
crypto.c apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling 2016-07-27 17:39:26 +10:00
domain.c apparmor: fix change_hat not finding hat after policy replacement 2016-11-21 18:01:28 +11:00
file.c apparmor: fix uninitialized lsm_audit member 2016-07-12 08:43:10 -07:00
ipc.c apparmor: fix capability to not use the current task, during reporting 2013-10-29 21:33:37 -07:00
lib.c nick kvfree() from apparmor 2014-05-06 14:02:53 -04:00
lsm.c apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling 2016-07-27 17:39:26 +10:00
match.c apparmor: do not expose kernel stack 2016-07-12 08:43:10 -07:00
path.c apparmor: internal paths should be treated as disconnected 2016-07-12 08:43:10 -07:00
policy.c apparmor: fix module parameters can be changed after policy is locked 2016-07-12 08:43:10 -07:00
policy_unpack.c apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling 2016-07-27 17:39:26 +10:00
procattr.c apparmor: add interface files for profiles and namespaces 2013-08-14 11:42:07 -07:00
resource.c apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task 2016-07-12 08:43:10 -07:00
sid.c AppArmor: core policy routines 2010-08-02 15:38:37 +10:00