apparmor: fix change_hat not finding hat after policy replacement
After a policy replacement, the task cred may be out of date and need
to be updated. However change_hat is using the stale profiles from
the out of date cred resulting in either: a stale profile being applied
or, incorrect failure when searching for a hat profile as it has been
migrated to the new parent profile.
Fixes: 6228229860a6ed35b8dfc0fc13dfa3daff01213a (failure to find hat)
Fixes: 95c652c046bf3d02e9c070ea38d8ec25a74ad262 (stale policy being applied)
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=
1000287
Cc: stable@vger.kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
projects / kernel.git / commit