summaryrefslogtreecommitdiff
path: root/ipc
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2013-07-10 21:08:43 -0700
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 11:42:06 -0700
commitfa2ac468db510c653499a47c1ec3deb045bf4763 (patch)
tree561c1c638d4e2c337712db0f2daf856a19560e2f /ipc
parent77b071b34045a0c65d0e1f85f3d47fd2b8b7a8a1 (diff)
apparmor: update how unconfined is handled
ns->unconfined is being used read side without locking, nor rcu but is being updated when a namespace is removed. This works for the root ns which is never removed but has a race window and can cause failures when children namespaces are removed. Also ns and ns->unconfined have a circular refcounting dependency that is problematic and must be broken. Currently this is done incorrectly when the namespace is destroyed. Fix this by forward referencing unconfined via the replacedby infrastructure instead of directly updating the ns->unconfined pointer. Remove the circular refcount dependency by making the ns and its unconfined profile share the same refcount. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions