On 05/09/2013 02:27 AM, John Johansen wrote: > On 05/08/2013 02:37 PM, Seth Arnold wrote: >> On Wed, May 01, 2013 at 02:30:47PM -0700, John Johansen wrote: >>
<< snip >> >> released (which means they take ns->unconfined->label for themselves), >> and then ns->unconfined is replaced with ns->parent->unconfined. >> >> While destroy_namespace() in newer iterations populates the replacedby >> struct, I'm worried that the aa_put_profile(unconfined) means the refcount >> is dropped despite processes actively using the original ns->unconfined. >> > the profile references around your concern look good (that is refcounts are > taken on ns->unconfined where needed) however there is an issue that needs > to be fixed. > - __profile_list_release is setting replacedby without dealing with potential > replacedby references that already exist > Ha no, I'm wrong ignore me. This is old code not using the shared replacedby it can not be set if the profile is on the list. So its okay -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
