diff options
| author | Zygmunt Krynicki <me@zygoon.pl> | 2026-05-05 05:40:53 +0200 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2026-06-13 20:18:30 -0700 |
| commit | 340372688bb87da45ff8d4e2f82ccfd1b64c65ff (patch) | |
| tree | 5856cb5ef15a9345fd75d530ab62c6876f07552c /security | |
| parent | fea23bf73f0cae8ccb1d0684e4a3003874771f41 (diff) | |
| download | ath-340372688bb87da45ff8d4e2f82ccfd1b64c65ff.tar.gz | |
apparmor: put secmark label after secid lookup
apparmor_secmark_init() parses a configured secmark label to obtain its
secid. aa_label_strn_parse() returns a refcounted label, but the success
path kept that reference after copying the secid.
Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy")
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/net.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/net.c b/security/apparmor/net.c index 44c04102062f3..df9cb7c00cac8 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -354,6 +354,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark) return PTR_ERR(label); secmark->secid = label->secid; + aa_put_label(label); return 0; } |
