diff options
author | Daniel Thompson <daniel.thompson@linaro.org> | 2017-07-30 08:09:38 +0100 |
---|---|---|
committer | Daniel Thompson <daniel.thompson@linaro.org> | 2017-07-31 14:14:31 +0100 |
commit | d340d140e19641d7f85a4a0cf275fb8a6f8b3dd0 (patch) | |
tree | 3a0b50e0ced1c6d17b6c9aacc497d47c7eed3277 | |
parent | 890053bf3a0c244acafb5b6ca77b4dc53b2ee0de (diff) |
security: apparmor: RDA support
-rw-r--r-- | security/apparmor/.gitignore | 5 | ||||
-rw-r--r-- | security/apparmor/domain.c | 4 |
2 files changed, 2 insertions, 7 deletions
diff --git a/security/apparmor/.gitignore b/security/apparmor/.gitignore deleted file mode 100644 index 9cdec70d72b8..000000000000 --- a/security/apparmor/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# -# Generated include files -# -capability_names.h -rlim_names.h diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 859abdaac1ea..9aaa4e72cc1f 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -629,7 +629,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest) * There is no exception for unconfined as change_hat is not * available. */ - if (current->no_new_privs) + if (task_no_new_privs(current)) return -EPERM; /* released below */ @@ -780,7 +780,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec, * no_new_privs is set because this aways results in a reduction * of permissions. */ - if (current->no_new_privs && !unconfined(profile)) { + if (task_no_new_privs(current) && !unconfined(profile)) { put_cred(cred); return -EPERM; } |