diff options
author | John Johansen <john.johansen@canonical.com> | 2017-06-09 14:07:02 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:40 -0700 |
commit | c70c86c421427fd8487867de66c4104b15abd772 (patch) | |
tree | 0d742b0b9d2f2972b1f93aea3caf1a6c87b3b91b /security/apparmor/resource.c | |
parent | 317d9a054e1c6d5f18b02b99ce09911942f8e603 (diff) |
apparmor: move capability checks to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/resource.c')
-rw-r--r-- | security/apparmor/resource.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c index ab8e104c1970..2474ee0b3467 100644 --- a/security/apparmor/resource.c +++ b/security/apparmor/resource.c @@ -100,7 +100,7 @@ int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task, * task has CAP_SYS_RESOURCE. */ if ((profile != labels_profile(task_label) && - aa_capable(profile, CAP_SYS_RESOURCE, 1)) || + aa_capable(&profile->label, CAP_SYS_RESOURCE, 1)) || (profile->rlimits.mask & (1 << resource) && new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)) error = -EACCES; |