[apparmor] AppArmor kernel audit locks up system

Andreas Steinmetz anstein99 at googlemail.com
Mon Oct 9 06:39:51 UTC 2023


On Sat, Oct 7, 2023 at 12:07 AM Paul Moore <paul at paul-moore.com> wrote:
>
> Does anyone else have any bright ideas or crazy thoughts on this?
>

Well, not really an idea and for sure either crazy or dumb:

Why not use the data already available from DEFINE_AUDIT_DATA() to
determine the call path (or add a modifiable field to the struct) and
handle locking accordingly?

Anyway, this problem can be seen as a DoS vector. Any malicious code
could trigger some audit causing a system lockup. So, however ugly the
solution, this needs to be solved.


