iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AppArmor: Fix locking from removal of profile namespace

Browse Source 
The locking for profile namespace removal is wrong, when removing a
profile namespace, it needs to be removed from its parent's list.
Lock the parent of namespace list instead of the namespace being removed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
John Johansen 2010-08-27 18:33:29 -07:00 committed by James Morris
parent 04ccd53f09
commit 999b4f0aa2
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/apparmor/policy.c
View File

@ -1151,12 +1151,14 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
/* released below */ /* released below */
ns = aa_get_namespace(root); ns = aa_get_namespace(root);
write_lock(&ns->lock);
if (!name) { if (!name) {
/* remove namespace - can only happen if fqname[0] == ':' */ /* remove namespace - can only happen if fqname[0] == ':' */
write_lock(&ns->parent->lock);
__remove_namespace(ns); __remove_namespace(ns);
write_unlock(&ns->parent->lock);
} else { } else {
/* remove profile */ /* remove profile */
write_lock(&ns->lock);
profile = aa_get_profile(__lookup_profile(&ns->base, name)); profile = aa_get_profile(__lookup_profile(&ns->base, name));
if (!profile) { if (!profile) {
error = -ENOENT; error = -ENOENT;
@ -1165,8 +1167,8 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
} }
name = profile->base.hname; name = profile->base.hname;
__remove_profile(profile); __remove_profile(profile);
}
write_unlock(&ns->lock); write_unlock(&ns->lock);
}
/* don't fail removal if audit fails */ /* don't fail removal if audit fails */
(void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error); (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);