apparmor: fail task profile update if current_cred isn't real_cred

Trying to update the task cred while the task current cred is not the
real cred will result in an error at the cred layer. Avoid this by
failing early and delaying the update.

Signed-off-by: John Johansen <john.johansen@canonical.com>

security/apparmor/context.c

@@ -100,6 +100,9 @@ int aa_replace_current_profile(struct aa_profile *profile)
 	if (cxt->profile == profile)
 		return 0;
 
+	if (current_cred() != current_real_cred())
+		return -EBUSY;
+
 	new  = prepare_creds();
 	if (!new)
 		return -ENOMEM;