Home » Mailing list archives » linux-kernel » 2010 » August » 28

[PATCH 4/4] AppArmor: Fix locking from removal of profile namespace

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: John Johansen
Subject: [PATCH 4/4] AppArmor: Fix locking from removal of profile namespace
Date: Friday, August 27, 2010 - 6:33 pm

The locking for profile namespace removal is wrong, when removing a
profile namespace, it needs to be removed from its parent's list.
Lock the parent of namespace list instead of the namespace being removed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 3cdc1ad..52cc865 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1151,12 +1151,14 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
 		/* released below */
 		ns = aa_get_namespace(root);
 
-	write_lock(&ns->lock);
 	if (!name) {
 		/* remove namespace - can only happen if fqname[0] == ':' */
+		write_lock(&ns->parent->lock);
 		__remove_namespace(ns);
+		write_unlock(&ns->parent->lock);
 	} else {
 		/* remove profile */
+		write_lock(&ns->lock);
 		profile = aa_get_profile(__lookup_profile(&ns->base, name));
 		if (!profile) {
 			error = -ENOENT;
@@ -1165,8 +1167,8 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
 		}
 		name = profile->base.hname;
 		__remove_profile(profile);
+		write_unlock(&ns->lock);
 	}
-	write_unlock(&ns->lock);
 
 	/* don't fail removal if audit fails */
 	(void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
-- 
1.7.0.4

--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[Patch 0/4] AppArmor post 2.6.36 merge fixups, John Johansen, (Fri Aug 27, 6:33 pm)
[PATCH 1/4] AppArmor: Drop hack to remove appended &quot; (dele ..., John Johansen, (Fri Aug 27, 6:33 pm)
[PATCH 2/4] AppArmor: Fix security_task_setrlimit logic fo ..., John Johansen, (Fri Aug 27, 6:33 pm)
[PATCH 3/4] AppArmor: Fix splitting an fqname into separat ..., John Johansen, (Fri Aug 27, 6:33 pm)
[PATCH 4/4] AppArmor: Fix locking from removal of profile ..., John Johansen, (Fri Aug 27, 6:33 pm)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., John Johansen, (Sat Aug 28, 10:10 am)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., Jiri Slaby, (Sat Aug 28, 11:15 am)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., John Johansen, (Sat Aug 28, 1:35 pm)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., Jiri Slaby, (Sat Aug 28, 1:48 pm)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., John Johansen, (Mon Aug 30, 9:53 am)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., Jiri Slaby, (Mon Aug 30, 2:33 pm)
Re: [PATCH 2/4] AppArmor: Fix security_task_setrlimit logi ..., John Johansen, (Mon Sep 6, 10:10 am)