[Patch][utopic] UBUNTU: SAUCE: Revert: fix: only allow a single threaded process to ...

John Johansen john.johansen at canonical.com
Mon Oct 6 18:16:42 UTC 2014


From 30df55014aeb91a7ea76d8866f044037c87a888d Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Mon, 6 Oct 2014 10:49:58 -0700
Subject: [PATCH] UBUNTU: SAUCE: Revert: fix: only allow a single threaded
 process to ...

Revert the enforcement of only single threaded tasks using change_onexec.
While this change prevents applications from using change_onexec in
a potentially broken way (it can be done right but the application code
using it needs to be carefully audited), it does restrict historically
allowed behavior. Specifically, this change causes docker to fail, and
needs to be reverted until it can be selectively applied with policy
changes.

BugLink: http://bugs.launchpad.net/bugs/1371310

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 security/apparmor/domain.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 3953b31..1d07506 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -822,13 +822,6 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
 	if (error)
 		goto audit;
 
-	if (onexec && !current_is_single_threaded()) {
-		info = "not a single threaded task";
-		error = -EACCES;
-		goto audit;
-	}
-
-
 	if (permtest)
 		goto audit;
 
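Review bot: With the `onexec && !current_is_single_threaded()` block removed, nothing at this point in aa_change_profile() records that a multithreaded caller of change_onexec is a known hazard, although the commit message says such callers need careful auditing and that the check is meant to return once it can be applied selectively through policy. Consider leaving a short comment ahead of `if (permtest)` stating that the single-threaded restriction was dropped for compatibility and is pending policy-controlled reintroduction, with the BugLink, so the gap stays visible to whoever next touches this path. It would also help for the commit message to name the commit being reverted, since the truncated subject ("to ...") makes the original change hard to locate.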
-- 
2.1.0




