[PATCH 06/11] AppArmor: Stop unconfined from inheriting replaced/removed children

John Johansen john.johansen at canonical.com
Tue Apr 13 09:15:31 UTC 2010


On 04/13/2010 12:09 AM, john.johansen at canonical.com wrote:
> From: John Johansen <john.johansen at canonical.com>
> 
> OriginalAuthor: John Johansen <john.johansen at canonical.com>
> OriginalLocation: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparm$
> commit: 7c19603812a662c5138bc3a2bfc59db8a9338140
> BugLink: http://bugs.launchpad.net/bugs/562052
> 
> When profile replacement/removal is done children are inherited by the
> replacement profile.  However when there is no replacement specified
> replacement by the namespace's unconfined profile is done.
> 
> However unconfined should not inherit children as they lose visibility
> and can not be removed resulting in a "leak" as those profiles memory
> will never get freed.
> 
Please ignore this patch.  It does address a bug in this function
(being part of the upstream cleanup patches); however, the bug can not be
triggered in the Lucid kernel, as the calling function
aa_interface_remove_profiles removes all the children with
__aa_profile_list_release before calling this fn.

		__aa_profile_list_release(&profile->base.profiles);
		__aa_replace_profile(profile, NULL);
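To make the leak described in the commit message and the "why it does not trigger in Lucid" argument above concrete, here is an added, constructed model of profile replacement. It is not AppArmor's code: the struct layout, the names `replace_profile`, `profile_list_release`, `leaked_profiles` and the sample profile names are illustrative only. The model keeps the one property the discussion hinges on: removal and teardown reach profiles only through the namespace's visible profile list, never through children hung under unconfined, so whatever unconfined inherits is never freed. `release_children_first` stands for the Lucid caller, which runs `__aa_profile_list_release` on the children before the replace with no replacement.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of AppArmor-style profile replacement, not AppArmor's own code.
 * All struct and function names here are illustrative only. */
#define MAX_CHILDREN 8
#define MAX_PROFILES 8

struct profile {
    char name[48];
    int unconfined;                          /* 1 for the namespace's unconfined profile */
    struct profile *children[MAX_CHILDREN];
    int nchildren;
};

struct ns {
    struct profile *unconfined;              /* never in profiles[], so lookups never reach its children */
    struct profile *profiles[MAX_PROFILES];  /* top-level profiles visible to lookup and removal */
    int nprofiles;
};

static int live_profiles;                    /* allocations not yet freed; nonzero at teardown is a leak */

static struct profile *profile_alloc(const char *name, int unconfined)
{
    struct profile *p = calloc(1, sizeof *p);
    if (!p)
        abort();
    strncpy(p->name, name, sizeof p->name - 1);
    p->unconfined = unconfined;
    live_profiles++;
    return p;
}

static void profile_free(struct profile *p)
{
    live_profiles--;
    free(p);
}

static void profile_add_child(struct profile *parent, struct profile *child)
{
    if (parent->nchildren < MAX_CHILDREN)
        parent->children[parent->nchildren++] = child;
}

/* Release every profile in a list together with its subtree
 * (model of __aa_profile_list_release on a profile's child list). */
static void profile_list_release(struct profile **list, int *n)
{
    for (int i = 0; i < *n; i++) {
        profile_list_release(list[i]->children, &list[i]->nchildren);
        profile_free(list[i]);
    }
    *n = 0;
}

/* Replace old with repl, or with unconfined when repl is NULL.
 * fixed == 0: children are always inherited by the replacement (the behaviour the patch removes).
 * fixed == 1: children are released instead when the replacement is unconfined. */
static void replace_profile(struct profile *old, struct profile *repl,
                            struct profile *unconfined, int fixed)
{
    struct profile *target = repl ? repl : unconfined;
    if (fixed && target->unconfined) {
        profile_list_release(old->children, &old->nchildren);
    } else {
        for (int i = 0; i < old->nchildren; i++)
            profile_add_child(target, old->children[i]);
        old->nchildren = 0;
    }
    profile_free(old);
}

/* Build a namespace with one profile that has two children, remove that profile with no
 * replacement, tear the namespace down through its visible list, and report how many
 * profiles were never freed. release_children_first models the Lucid caller, which runs
 * __aa_profile_list_release on the children before calling the replace with NULL. */
static int leaked_profiles(int fixed, int release_children_first)
{
    struct ns ns = { 0 };
    live_profiles = 0;
    ns.unconfined = profile_alloc("unconfined", 1);

    struct profile *foo = profile_alloc("/usr/bin/foo", 0);   /* constructed sample profile */
    profile_add_child(foo, profile_alloc("/usr/bin/foo//helper", 0));
    profile_add_child(foo, profile_alloc("/usr/bin/foo//sandbox", 0));
    ns.profiles[ns.nprofiles++] = foo;

    ns.nprofiles--;                              /* unlink /usr/bin/foo from the namespace */
    if (release_children_first)
        profile_list_release(foo->children, &foo->nchildren);
    replace_profile(foo, NULL, ns.unconfined, fixed);

    /* Teardown reaches only what the namespace lists plus unconfined itself; anything
     * hung under unconfined is invisible to it and stays allocated. */
    profile_list_release(ns.profiles, &ns.nprofiles);
    profile_free(ns.unconfined);
    return live_profiles;
}

int main(void)
{
    printf("buggy replace, no prior release: %d leaked\n", leaked_profiles(0, 0));
    printf("fixed replace, no prior release: %d leaked\n", leaked_profiles(1, 0));
    printf("buggy replace, Lucid caller:     %d leaked\n", leaked_profiles(0, 1));
    return 0;
}
```

The first scenario is the bug in the commit message: both children end up under unconfined and are still allocated after teardown. The second is the patched behaviour, where the children are released instead of inherited. The third is the point of the reply: with the children already released by the caller, the unfixed replace has nothing left to hand to unconfined, so there is nothing to leak.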
