Patchwork [1/4] AppArmor: Remove null_profile's use of PFLAG_NO_LIST_REF

login
register
mail settings
Submitter John Johansen
Date March 30, 2010, 5:39 p.m.
Message ID <1269970750-25624-2-git-send-email-john.johansen@canonical.com>
Download mbox | patch
Permalink /patch/48998/
State Accepted
Delegated to: Andy Whitcroft
Headers show

Comments

John Johansen - March 30, 2010, 5:39 p.m.
From: John Johansen <john.johansen@canonical.com>

Buglink: http://launchpad.net/bugs/539437

null_profile's currently have a list ref so they should not be using the
PFLAG_NO_LIST_REF flag, which prevent them from having their references
put correctly resulting in a leak.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy.c |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)

Patch

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index a3b6dc4..a92ad82 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -229,10 +229,7 @@  static struct aa_namespace *aa_alloc_namespace(const char *name)
 	INIT_LIST_HEAD(&ns->sub_ns);
 	rwlock_init(&ns->lock);
 
-	/*
-	 * null profile is not added to the profile list,
-	 * released by aa_free_namespace
-	 */
+	/* released by aa_free_namespace */
 	ns->unconfined = aa_alloc_profile("unconfined");
 	if (!ns->unconfined)
 		goto fail_unconfined;
@@ -631,7 +628,7 @@  struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
 
 	profile->sid = sid;
 	profile->mode = APPARMOR_COMPLAIN;
-	profile->flags = PFLAG_NULL | PFLAG_NO_LIST_REF;
+	profile->flags = PFLAG_NULL;
 	if (hat)
 		profile->flags |= PFLAG_HAT;