diff --git a/security/apparmor/include/context.h b/security/apparmor/include/context.h index 4c1acfca05e910e26f98c01f535580819b2014b7..9adac5d99dface43bdaf5ceed9d3df2ee23bb116 100644 --- a/security/apparmor/include/context.h +++ b/security/apparmor/include/context.h @@ -162,8 +162,6 @@ static inline void aa_end_current_label(struct aa_label *label) * just return the up to date label * * The returned reference must be put with aa_end_current_label() - * This must NOT be used if the task cred could be updated within the - * critical section between aa_begin_current_label() .. aa_end_current_label() */ static inline struct aa_label *aa_begin_current_label(bool update) { diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4b8602d7d4a0a04f88cc642754055d2d41c3d545..a866a0b45ac211a7d20d4341ef94f0191128f916 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -580,10 +580,10 @@ static int apparmor_sb_pivotroot(struct path *old_path, struct path *new_path) struct aa_label *label; int error = 0; - label = aa_get_current_label(); + label = aa_begin_current_label(NO_UPDATE); if (!unconfined(label)) error = aa_pivotroot(label, old_path, new_path); - aa_put_label(label); + aa_end_current_label(label); return error; }