Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile

[~andy/linux] / security / apparmor / lsm.c

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ec1bcecf2cdacd6009c79d6a809d4b7b8443f29d..37832026e58a234c249b44959f6cba5aa1dacbb5 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -127,7 +127,7 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
        *inheritable = cred->cap_inheritable;
        *permitted = cred->cap_permitted;
 
-       if (!unconfined(profile)) {
+       if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {
                *effective = cap_intersect(*effective, profile->caps.allow);
                *permitted = cap_intersect(*permitted, profile->caps.allow);
        }
@@ -612,7 +612,7 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
 static int apparmor_task_setrlimit(struct task_struct *task,
                unsigned int resource, struct rlimit *new_rlim)
 {
-       struct aa_profile *profile = aa_current_profile();
+       struct aa_profile *profile = __aa_current_profile();
        int error = 0;
 
        if (!unconfined(profile))