On Mon, Oct 9, 2023 at 2:40 AM Andreas Steinmetz <[email protected]> wrote:
> On Sat, Oct 7, 2023 at 12:07 AM Paul Moore <[email protected]> wrote:
> >
> > Does anyone else have any bright ideas or crazy thoughts on this?
> >
>
> Well, not really an idea and for sure either crazy or dumb:
>
> Why not use the data already available from DEFINE_AUDIT_DATA() to
> determine the call path (or add a modifiable field to the struct) and
> handle locking accordingly?

It's possible I'm missing something as I'm not very familiar with the
AppArmor details, but I'm not sure how this would solve the problem;
can you elaborate on this?

> Anyway, this problem can be seen as a DoS vector. Any malicious code
> could trigger some audit causing a system lockup. So however ugly the
> solution this needs to be solved.

I don't think anyone is objecting to resolving this, it's more a
matter of *how* we can resolve it.

--
paul-moore.com
