[apparmor] [PATCH 02/24] apparmor: convert profile lists to RCU based locking
John Johansen
john.johansen at canonical.com
Sat Mar 2 02:05:54 UTC 2013
On 03/01/2013 05:57 PM, Seth Arnold wrote:
>> @@ -546,17 +534,40 @@ static void __ns_list_release(struct list_head *head);
>> */
>> static void destroy_namespace(struct aa_namespace *ns)
>> {
>> + struct aa_profile *unconfined;
>> +
>> if (!ns)
>> return;
>>
>> - write_lock(&ns->lock);
>> + mutex_lock(&ns->lock);
>> /* release all profiles in this namespace */
>> __profile_list_release(&ns->base.profiles);
>>
>> /* release all sub namespaces */
>> __ns_list_release(&ns->sub_ns);
>>
>> - write_unlock(&ns->lock);
>> + unconfined = ns->unconfined;
>> + /*
>> + * break the ns, unconfined profile cyclic reference and forward
>> + * all new unconfined profiles requests to the parent namespace
>> + * This will result in all confined tasks that have a profile
>> + * being removed, inheriting the parent->unconfined profile.
>> + */
>> + if (ns->parent)
>> + ns->unconfined = aa_get_profile(ns->parent->unconfined);
>
> Incidentally, the comment in alloc_namespace() is incorrect now that
> this code block have moved functions:
>
> /*
> * released by free_namespace, however __remove_namespace breaks
> * the cyclic references (ns->unconfined, and unconfined->ns) and
> * replaces with refs to parent namespace unconfined
> */
>
just roll with it as its changed in a subsequent patch
>
> It might not actually matter much that the name has changed, since
> __remove_namespace() calls destroy_namespace().. but it does bug me a
> touch that the outer function has double-leading-underscore and the inner
> function doesn't have the double-leading-underscore. Do the names need
> some cleanup? (I'd love to see the split removed entirely, but removing
> the root namespace is a special-case operation...)
>
nope, another convention
the double underscore indicates it needs to be called within locking or
something else special.
destroy_namespace() doesn't technically need that as long as the ns is not
in a list.
__remove_namespace() is all about pulling the ns from the list and so needs
it.
Also just roll with it, as things get changed here as well in a subsequent
patch.
More information about the AppArmor
mailing list