From patchwork Tue Apr 13 07:09:35 2010
X-Patchwork-Submitter: John Johansen
X-Patchwork-Id: 50040
X-Patchwork-Delegate: apw@canonical.com
From: john.johansen@canonical.com
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 06/11] AppArmor: Stop unconfined from inheriting replaced/removed children
Date: Tue, 13 Apr 2010 00:09:35 -0700
Message-Id: <1271142580-26555-7-git-send-email-john.johansen@canonical.com>
In-Reply-To: <1271142580-26555-1-git-send-email-john.johansen@canonical.com>
References: <1271142580-26555-1-git-send-email-john.johansen@canonical.com>

From: John Johansen
OriginalAuthor: John Johansen
OriginalLocation: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparm$
commit: 7c19603812a662c5138bc3a2bfc59db8a9338140
BugLink: http://bugs.launchpad.net/bugs/562052

When profile replacement/removal is done, children are inherited by the replacement profile. However, when there is no replacement specified, replacement by the namespace's unconfined profile is done. However, unconfined should not inherit children, as they lose visibility and cannot be removed, resulting in a "leak" as those profiles' memory will never get freed.

Signed-off-by: John Johansen
---
 security/apparmor/policy.c | 17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 61f0043..45248be 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -444,19 +444,20 @@ static void __aa_replace_profile(struct aa_profile *old, new->ns = aa_get_namespace(old->ns); new->sid = old->sid; __aa_add_profile(&policy->profiles, new); + + /* inherit children */ + list_for_each_entry_safe(child, tmp, &old->base.profiles, + base.list) { + aa_put_profile(child->parent); + child->parent = aa_get_profile(new); + /* list refcount transfered to @new*/ + list_move(&child->base.list, &new->base.profiles); + } } else { /* refcount not taken, held via @old refcount */ new = old->ns->unconfined; } - /* inherit children */ - list_for_each_entry_safe(child, tmp, &old->base.profiles, base.list) { - aa_put_profile(child->parent); - child->parent = aa_get_profile(new); - /* list refcount transfered to @new*/ - list_move(&child->base.list, &new->base.profiles); - } - /* released by aa_free_profile */ old->replacedby = aa_get_profile(new); __aa_remove_profile(old);
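Review bot: In the else branch of __aa_replace_profile (the `new = old->ns->unconfined;` path) old's children are no longer re-parented, but each child still holds the reference it took on old through child->parent, and nothing in this hunk drops those references or takes the children off old->base.profiles before `__aa_remove_profile(old);`. Unless the caller or aa_free_profile walks old->base.profiles and removes the children, they keep old pinned and the memory the commit message wants released is still never freed; either remove the children in that branch or add a comment saying where they are torn down. Minor: the moved comment `/* list refcount transfered to @new*/` carries over a typo and a missing space; since the line is being touched anyway, `/* list refcount transferred to @new */` would be better.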