aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
authorZygmunt Krynicki <me@zygoon.pl>2026-05-05 05:40:53 +0200
committerJohn Johansen <john.johansen@canonical.com>2026-06-13 20:18:30 -0700
commit340372688bb87da45ff8d4e2f82ccfd1b64c65ff (patch)
tree5856cb5ef15a9345fd75d530ab62c6876f07552c /security
parentfea23bf73f0cae8ccb1d0684e4a3003874771f41 (diff)
downloadath-340372688bb87da45ff8d4e2f82ccfd1b64c65ff.tar.gz
apparmor: put secmark label after secid lookup
apparmor_secmark_init() parses a configured secmark label to obtain its secid. aa_label_strn_parse() returns a refcounted label, but the success path kept that reference after copying the secid. Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy") Signed-off-by: Zygmunt Krynicki <me@zygoon.pl> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/net.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 44c04102062f3..df9cb7c00cac8 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -354,6 +354,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark)
return PTR_ERR(label);
secmark->secid = label->secid;
+ aa_put_label(label);
return 0;
}