[apparmor] [PATCH 02/36] apparmor: convert profile lists to RCU based locking
John Johansen
john.johansen at canonical.com
Thu May 9 09:43:10 UTC 2013
On 05/09/2013 02:27 AM, John Johansen wrote:
> On 05/08/2013 02:37 PM, Seth Arnold wrote:
>> On Wed, May 01, 2013 at 02:30:47PM -0700, John Johansen wrote:
>>
<< snip >>
>> released (which means they take ns->unconfined->label for themselves),
>> and then ns->unconfined is replaced with ns->parent->unconfined.
>>
>> While destroy_namespace() in newer iterations populates the replacedby
>> struct, I'm worried that the aa_put_profile(unconfined) means the refcount
>> is dropped despite processes actively using the original ns->unconfined.
>>
> the profile references around your concern look good (that is refcounts are
> taken on ns->unconfined where needed) however there is an issue that needs
> to be fixed.
> - __profile_list_release is setting replacedby without dealing with potential
> replacedby references that already exist
>
Ha no, I'm wrong ignore me. This is old code not using the shared replacedby
it can not be set if the profile is on the list. So its okay
More information about the AppArmor
mailing list