linux/security/apparmor
John Johansen fa2ac468db apparmor: update how unconfined is handled
ns->unconfined is being used read side without locking, nor rcu but is
being updated when a namespace is removed. This works for the root ns
which is never removed but has a race window and can cause failures when
children namespaces are removed.

Also ns and ns->unconfined have a circular refcounting dependency that
is problematic and must be broken. Currently this is done incorrectly
when the namespace is destroyed.

Fix this by forward referencing unconfined via the replacedby infrastructure
instead of directly updating the ns->unconfined pointer.

Remove the circular refcount dependency by making the ns and its unconfined
profile share the same refcount.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-08-14 11:42:06 -07:00
..
include apparmor: update how unconfined is handled 2013-08-14 11:42:06 -07:00
.gitignore AppArmor: remove af_names.h from .gitignore 2012-09-01 08:35:34 -07:00
apparmorfs.c apparmor: provide base for multiple profiles to be replaced at once 2013-08-14 11:42:06 -07:00
audit.c apparmor: fix the audit type table 2013-04-28 00:37:41 -07:00
capability.c LSM: do not initialize common_audit_data to 0 2012-04-09 12:23:04 -04:00
context.c apparmor: change how profile replacement update is done 2013-08-14 11:42:06 -07:00
domain.c apparmor: update how unconfined is handled 2013-08-14 11:42:06 -07:00
file.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
ipc.c apparmor: add utility function to get an arbitrary tasks profile. 2013-04-28 00:35:53 -07:00
Kconfig apparmor: depends on NET 2010-08-05 07:36:51 -04:00
lib.c apparmor: remove minimum size check for vmalloc() 2013-08-14 11:42:05 -07:00
lsm.c apparmor: change how profile replacement update is done 2013-08-14 11:42:06 -07:00
Makefile apparmor: fix apparmor OOPS in audit_log_untrustedstring+0x1c/0x40 2012-10-17 16:29:46 -07:00
match.c apparmor: reserve and mask off the top 8 bits of the base field 2013-04-28 00:37:32 -07:00
path.c apparmor: fix error code to failure message mapping for name lookup 2013-04-28 00:35:40 -07:00
policy_unpack.c apparmor: provide base for multiple profiles to be replaced at once 2013-08-14 11:42:06 -07:00
policy.c apparmor: update how unconfined is handled 2013-08-14 11:42:06 -07:00
procattr.c apparmor: remove "permipc" command 2013-04-28 00:36:32 -07:00
resource.c apparmor: relax the restrictions on setting rlimits 2013-04-28 00:36:46 -07:00
sid.c AppArmor: core policy routines 2010-08-02 15:38:37 +10:00