[PATCH 1/4] AppArmor: Remove null_profile's use of PFLAG_NO_LIST_REF
john.johansen at canonical.com
Tue Mar 30 17:39:07 UTC 2010
From: John Johansen <john.johansen at canonical.com>
Buglink: http://launchpad.net/bugs/539437
null_profiles currently have a list ref so they should not be using the
PFLAG_NO_LIST_REF flag, which prevents them from having their references
put correctly, resulting in a leak.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/policy.c | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index a3b6dc4..a92ad82 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -229,10 +229,7 @@ static struct aa_namespace *aa_alloc_namespace(const char *name)
INIT_LIST_HEAD(&ns->sub_ns);
rwlock_init(&ns->lock);
- /*
- * null profile is not added to the profile list,
- * released by aa_free_namespace
- */
+ /* released by aa_free_namespace */
ns->unconfined = aa_alloc_profile("unconfined");
if (!ns->unconfined)
goto fail_unconfined;
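Review bot: The shortened comment above `ns->unconfined = aa_alloc_profile("unconfined");` no longer says whether the unconfined profile is on the profile list, and the changelog only covers null profiles created through aa_new_null_profile(). The removed text spoke of the "null profile" while annotating the unconfined allocation, so it is worth one line in the commit message saying why this comment changes in the same patch. If ns->unconfined is still kept off the list, keep a comment here saying so, so that whoever reads aa_free_namespace later knows which reference it is dropping.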
@@ -631,7 +628,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
profile->sid = sid;
profile->mode = APPARMOR_COMPLAIN;
- profile->flags = PFLAG_NULL | PFLAG_NO_LIST_REF;
+ profile->flags = PFLAG_NULL;
if (hat)
profile->flags |= PFLAG_HAT;
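Review bot: Nothing in this hunk shows where the list reference mentioned in the changelog is taken, so dropping PFLAG_NO_LIST_REF at `profile->flags = PFLAG_NULL;` cannot be checked from the diff alone. A short comment at the assignment, or a sentence in the commit message naming the place where the null profile is added to a list and its reference taken, would let a reader confirm that the put on removal is now balanced rather than turning the leak into an extra put. If this was the last user of PFLAG_NO_LIST_REF, the flag definition and the code that tests it can go as well, here or in a later patch of the series.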
--
1.6.3.3