This prevents a bug where a hat could be used to set onexec and then return to parent with it set.
If in a hat when onexec is set then return to parent will be prevented. Signed-off-by: John Johansen <[email protected]> --- security/apparmor/context.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/context.c b/security/apparmor/context.c index 3064c6c..a3d836e 100644 --- a/security/apparmor/context.c +++ b/security/apparmor/context.c @@ -138,7 +138,7 @@ int aa_set_current_onexec(struct aa_profile *profile) cxt = cred_cxt(new); aa_get_profile(profile); - aa_put_profile(cxt->onexec); + aa_clear_task_cxt_trans(cxt); cxt->onexec = profile; commit_creds(new); -- 2.7.4
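Review bot: The new aa_clear_task_cxt_trans(cxt) call in aa_set_current_onexec() needs a one-line comment saying it is there to discard the state that would let a hat return to its parent, because the helper name alone does not say which fields are dropped and the security reason lives only in the changelog. Two things should be confirmed against the helper body, which this hunk does not show: that it still releases the reference the removed aa_put_profile(cxt->onexec) used to drop, so the old onexec profile is not leaked before cxt->onexec = profile overwrites the pointer, and that nothing it clears is needed by callers that set onexec while not in a hat, since the call is unconditional while the changelog describes only the in-hat case.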
