Commit ec34fa24 authored by John Johansen's avatar John Johansen

apparmor: fix replacement bug that adds new child to old parent

When set atomic replacement is used and the parent is updated before the
child, and the child did not exist in the old parent so there is no
direct replacement then the new child is incorrectly added to the old
parent. This results in the new parent not having the child(ren) that
it should and the old parent when being destroyed asserting the
following error.

AppArmor: policy_destroy: internal error, policy '<profile/name>' still
contains profiles
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarSeth Arnold <seth.arnold@canonical.com>
parent dcda617a
...@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace) ...@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
/* aafs interface uses replacedby */ /* aafs interface uses replacedby */
rcu_assign_pointer(ent->new->replacedby->profile, rcu_assign_pointer(ent->new->replacedby->profile,
aa_get_profile(ent->new)); aa_get_profile(ent->new));
__list_add_profile(&parent->base.profiles, ent->new); __list_add_profile(&newest->base.profiles, ent->new);
aa_put_profile(newest); aa_put_profile(newest);
} else { } else {
/* aafs interface uses replacedby */ /* aafs interface uses replacedby */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment