mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
39 lines
1.5 KiB
Diff
39 lines
1.5 KiB
Diff
|
From 1224a06778b89dcbf0ca85bd961c2fcdd8765a69 Mon Sep 17 00:00:00 2001
|
||
|
|
From: John Johansen <john.johansen@canonical.com>
|
||
|
|
Date: Mon, 11 Apr 2016 16:57:19 -0700
|
||
|
|
Subject: [PATCH 03/27] apparmor: fix replacement bug that adds new child to
|
||
|
|
old parent
|
||
|
|
|
||
|
|
When set atomic replacement is used and the parent is updated before the
|
||
|
|
child, and the child did not exist in the old parent so there is no
|
||
|
|
direct replacement then the new child is incorrectly added to the old
|
||
|
|
parent. This results in the new parent not having the child(ren) that
|
||
|
|
it should and the old parent when being destroyed asserting the
|
||
|
|
following error.
|
||
|
|
|
||
|
|
AppArmor: policy_destroy: internal error, policy '<profile/name>' still
|
||
|
|
contains profiles
|
||
|
|
|
||
|
|
Signed-off-by: John Johansen <john.johansen@canonical.com>
|
||
|
|
Acked-by: Seth Arnold <seth.arnold@canonical.com>
|
||
|
|
---
|
||
|
|
security/apparmor/policy.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
|
||
|
|
index 222052f..c92a9f6 100644
|
||
|
|
--- a/security/apparmor/policy.c
|
||
|
|
+++ b/security/apparmor/policy.c
|
||
|
|
@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
|
||
|
|
/* aafs interface uses replacedby */
|
||
|
|
rcu_assign_pointer(ent->new->replacedby->profile,
|
||
|
|
aa_get_profile(ent->new));
|
||
|
|
- __list_add_profile(&parent->base.profiles, ent->new);
|
||
|
|
+ __list_add_profile(&newest->base.profiles, ent->new);
|
||
|
|
aa_put_profile(newest);
|
||
|
|
} else {
|
||
|
|
/* aafs interface uses replacedby */
|
||
|
|
--
|
||
|
|
2.7.4
|
||
|
|
|