From 340372688bb87da45ff8d4e2f82ccfd1b64c65ff Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Tue, 5 May 2026 05:40:53 +0200 Subject: [PATCH] apparmor: put secmark label after secid lookup apparmor_secmark_init() parses a configured secmark label to obtain its secid. aa_label_strn_parse() returns a refcounted label, but the success path kept that reference after copying the secid. Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy") Signed-off-by: Zygmunt Krynicki Signed-off-by: John Johansen --- security/apparmor/net.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/apparmor/net.c b/security/apparmor/net.c index 44c04102062f3..df9cb7c00cac8 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -354,6 +354,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark) return PTR_ERR(label); secmark->secid = label->secid; + aa_put_label(label); return 0; } -- 2.47.3