From 4f0e01864622f95bbd948b1c0d30d1a3fd2b2dd2 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Thu, 18 Mar 2021 11:24:18 +0100
Subject: [PATCH] apparmor:  handle on-exec

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/lsm/apparmor.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index deadccc3e..73429ed33 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -1165,15 +1165,15 @@ static int apparmor_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on
 
 static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec)
 {
+	__do_free char *command = NULL;
 	int ret = -1;
 	size_t len;
-	__do_free char *command = NULL;
 
 	if (on_exec)
-		log_trace(0, "Changing AppArmor profile on exec not supported");
+		TRACE("Changing AppArmor profile on exec not supported");
 
 	len = strlen(label) + strlen("changeprofile ") + 1;
-	command = malloc(len);
+	command = zalloc(len);
 	if (!command)
 		return ret_errno(ENOMEM);
 
-- 
2.47.3