From: Zygmunt Krynicki Date: Tue, 5 May 2026 03:40:53 +0000 (+0200) Subject: apparmor: put secmark label after secid lookup X-Git-Tag: v7.2-rc1~43^2~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=340372688bb87da45ff8d4e2f82ccfd1b64c65ff;p=thirdparty%2Flinux.git apparmor: put secmark label after secid lookup apparmor_secmark_init() parses a configured secmark label to obtain its secid. aa_label_strn_parse() returns a refcounted label, but the success path kept that reference after copying the secid. Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy") Signed-off-by: Zygmunt Krynicki Signed-off-by: John Johansen --- diff --git a/security/apparmor/net.c b/security/apparmor/net.c index 44c04102062f3..df9cb7c00cac8 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -354,6 +354,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark) return PTR_ERR(label); secmark->secid = label->secid; + aa_put_label(label); return 0; }