On Wed, Apr 20, 2016 at 11:52:44PM -0700, John Johansen wrote: > When set atomic replacement is used and the parent is updated before the > child, and the child did not exist in the old parent so there is no > direct replacement then the new child is incorrectly added to the old > parent. This results in the new parent not having the child(ren) that > it should and the old parent when being destroyed asserting the > following error. > > AppArmor: policy_destroy: internal error, policy '<profile/name>' still > contains profiles > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]> Thanks > --- > security/apparmor/policy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c > index 222052f..c92a9f6 100644 > --- a/security/apparmor/policy.c > +++ b/security/apparmor/policy.c > @@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, > bool noreplace) > /* aafs interface uses replacedby */ > rcu_assign_pointer(ent->new->replacedby->profile, > aa_get_profile(ent->new)); > - __list_add_profile(&parent->base.profiles, ent->new); > + __list_add_profile(&newest->base.profiles, ent->new); > aa_put_profile(newest); > } else { > /* aafs interface uses replacedby */
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
