[apparmor] AppArmor kernel audit locks up system

Paul Moore paul at paul-moore.com
Mon Oct 9 17:06:30 UTC 2023


On Mon, Oct 9, 2023 at 2:40 AM Andreas Steinmetz
<anstein99 at googlemail.com> wrote:
> On Sat, Oct 7, 2023 at 12:07 AM Paul Moore <paul at paul-moore.com> wrote:
> >
> > Does anyone else have any bright ideas or crazy thoughts on this?
> >
>
> Well, not really an idea and for sure either crazy or dumb:
>
> Why not use the data already available from DEFINE_AUDIT_DATA() to
> determine the call path (or add a modifiable field to the struct) and
> handle locking accordingly?

It's possible I'm missing something as I'm not very familiar with the
AppArmor details, but I'm not sure how this would solve the problem;
can you elaborate on this?

> Anyway, this problem can be seen as a DoS vector. Any malicious code
> could trigger some audit causing a system lockup. So however ugly the
> solution, this needs to be solved.

I don't think anyone is objecting to resolving this, it's more a
matter of *how* we can resolve it.

-- 
paul-moore.com