apparmor: update how unconfined is handled
authorJohn Johansen <john.johansen@canonical.com>
Thu, 11 Jul 2013 04:08:43 +0000 (21:08 -0700)
committerJohn Johansen <john.johansen@canonical.com>
Wed, 14 Aug 2013 18:42:06 +0000 (11:42 -0700)
commitfa2ac468db510c653499a47c1ec3deb045bf4763
tree561c1c638d4e2c337712db0f2daf856a19560e2f
parent77b071b34045a0c65d0e1f85f3d47fd2b8b7a8a1
apparmor: update how unconfined is handled

ns->unconfined is being used read side without locking, nor rcu but is
being updated when a namespace is removed. This works for the root ns
which is never removed but has a race window and can cause failures when
children namespaces are removed.

Also ns and ns->unconfined have a circular refcounting dependency that
is problematic and must be broken. Currently this is done incorrectly
when the namespace is destroyed.

Fix this by forward referencing unconfined via the replacedby infrastructure
instead of directly updating the ns->unconfined pointer.

Remove the circular refcount dependency by making the ns and its unconfined
profile share the same refcount.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
security/apparmor/domain.c
security/apparmor/include/policy.h
security/apparmor/policy.c