diff options
| author | John Johansen <john.johansen@canonical.com> | 2016-04-11 16:57:19 -0700 |
|---|---|---|
| committer | Jiri Slaby <jslaby@suse.cz> | 2017-01-27 11:16:05 +0100 |
| commit | 401f89b958557ec620e3b120536c46d9586a2ae3 (patch) | |
| tree | 2b7ee61921fff487920156a096bb50f3aeec5ee6 /security | |
| parent | 6265dbd49067df7b38b0ed20deaee10d9dae0e1f (diff) | |
| download | linux-401f89b958557ec620e3b120536c46d9586a2ae3.tar.gz linux-401f89b958557ec620e3b120536c46d9586a2ae3.tar.bz2 linux-401f89b958557ec620e3b120536c46d9586a2ae3.zip | |
apparmor: fix replacement bug that adds new child to old parent
commit ec34fa24a934f4c8fd68f39b84abf34c42e5b06a upstream.
When set atomic replacement is used and the parent is updated before the
child, and the child did not exist in the old parent so there is no
direct replacement then the new child is incorrectly added to the old
parent. This results in the new parent not having the child(ren) that
it should and the old parent when being destroyed asserting the
following error.
AppArmor: policy_destroy: internal error, policy '<profile/name>' still
contains profiles
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 222052f64e2c..c92a9f6c1be5 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace) /* aafs interface uses replacedby */ rcu_assign_pointer(ent->new->replacedby->profile, aa_get_profile(ent->new)); - __list_add_profile(&parent->base.profiles, ent->new); + __list_add_profile(&newest->base.profiles, ent->new); aa_put_profile(newest); } else { /* aafs interface uses replacedby */ |