+ return error;
+}
-commit 29fb087c5df8bb8ac354ab58d33c43e68270123b
-Author: John Johansen <john.johansen@canonical.com>
-Date: Wed Aug 31 21:10:06 2016 -0700
-
- apparmor: fix change_hat not finding hat after policy replacement
-
- After a policy replacement, the task cred may be out of date and need
- to be updated. However change_hat is using the stale profiles from
- the out of date cred resulting in either: a stale profile being applied
- or, incorrect failure when searching for a hat profile as it has been
- migrated to the new parent profile.
-
- Fixes: 01e2b670aa898a39259bc85c78e3d74820f4d3b6 (failure to find hat)
- Fixes: 898127c34ec03291c86f4ff3856d79e9e18952bc (stale policy being applied)
- Signed-off-by: John Johansen <john.johansen@canonical.com>
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index f2a83b4..dbd68f2 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -621,8 +621,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
- /* released below */
- cred = get_current_cred();
- cxt = cred_cxt(cred);
-- profile = aa_cred_profile(cred);
-- previous_profile = cxt->previous;
-+ profile = aa_get_newest_profile(aa_cred_profile(cred));
-+ previous_profile = aa_get_newest_profile(cxt->previous);
-
- if (unconfined(profile)) {
- info = "unconfined";
-@@ -718,6 +718,8 @@ audit:
- out:
- aa_put_profile(hat);
- kfree(name);
-+ aa_put_profile(profile);
-+ aa_put_profile(previous_profile);
- put_cred(cred);
-
- return error;
%define rel 1
%define basever 4.8
-%define postver .11
+%define postver .12
# define this to '-%{basever}' for longterm branch
%define versuffix %{nil}
# Source0-md5: c1af0afbd3df35c1ccdc7a5118cd2d07
%if "%{postver}" != ".0"
Patch0: https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5: d999d6d294818491221f6d9789a667e8
+# Patch0-md5: 9a938fd7a82d8b390f957657947fe673
%endif
Source1: kernel.sysconfig