summaryrefslogtreecommitdiff
path: root/security/apparmor/resource.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 14:07:02 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:40 -0700
commitc70c86c421427fd8487867de66c4104b15abd772 (patch)
tree0d742b0b9d2f2972b1f93aea3caf1a6c87b3b91b /security/apparmor/resource.c
parent317d9a054e1c6d5f18b02b99ce09911942f8e603 (diff)
apparmor: move capability checks to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/resource.c')
-rw-r--r--security/apparmor/resource.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index ab8e104c1970..2474ee0b3467 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -100,7 +100,7 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
* task has CAP_SYS_RESOURCE.
*/
if ((profile != labels_profile(task_label) &&
- aa_capable(profile, CAP_SYS_RESOURCE, 1)) ||
+ aa_capable(&profile->label, CAP_SYS_RESOURCE, 1)) ||
(profile->rlimits.mask & (1 << resource) &&
new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
error = -EACCES;