    apparmor: update how unconfined is handled · fa2ac468
    John Johansen authored
    ns->unconfined is being used read side without locking, nor rcu but is
    being updated when a namespace is removed. This works for the root ns
    which is never removed but has a race window and can cause failures when
    children namespaces are removed.
    
    Also ns and ns->unconfined have a circular refcounting dependency that
    is problematic and must be broken. Currently this is done incorrectly
    when the namespace is destroyed.
    
    Fix this by forward referencing unconfined via the replacedby infrastructure
    instead of directly updating the ns->unconfined pointer.
    
    Remove the circular refcount dependency by making the ns and its unconfined
    profile share the same refcount.
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Acked-by: Seth Arnold <seth.arnold@canonical.com>
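The shared-refcount idea from the last paragraph of the commit message, as an added single-threaded C sketch. It is not the AppArmor kernel code. All type and function names are hypothetical, and a plain `int` stands in for the kernel's reference counter. It covers only the refcount part, not the replacedby forwarding or the locking.

```c
#include <stdlib.h>

/* Hypothetical types for illustration; not the kernel's definitions. */
struct ns;
struct profile { int count; struct ns *ns; };
struct ns { struct profile *unconfined; };   /* the ns has no counter of its own */

static int live_objects;   /* constructed bookkeeping so frees can be observed */

static struct ns *ns_alloc(void)
{
    struct ns *ns = calloc(1, sizeof(*ns));
    struct profile *p = calloc(1, sizeof(*p));
    if (!ns || !p) { free(ns); free(p); return NULL; }
    p->ns = ns;        /* plain back pointer: takes no reference, so no cycle */
    p->count = 1;      /* creator's reference, shared by ns and profile */
    ns->unconfined = p;
    live_objects += 2;
    return ns;
}

/* A reference on the ns is a reference on its unconfined profile. */
static struct profile *profile_get(struct profile *p) { if (p) p->count++; return p; }
static struct ns *ns_get(struct ns *ns) { if (ns) profile_get(ns->unconfined); return ns; }

/* The last put frees both objects together; neither can outlive the other. */
static void profile_put(struct profile *p)
{
    if (!p || --p->count > 0)
        return;
    free(p->ns);
    free(p);
    live_objects -= 2;
}
static void ns_put(struct ns *ns) { if (ns) profile_put(ns->unconfined); }

/* Returns objects still allocated at the end; *mid is the number still
 * allocated after the ns is "removed" while a task still holds unconfined. */
static int demo_shared_refcount(int *mid)
{
    struct ns *ns = ns_alloc();
    if (!ns) return -1;
    struct profile *task_label = profile_get(ns->unconfined); /* task reference */
    ns_get(ns);                /* another holder pins the ns */
    ns_put(ns);                /* that holder goes away */
    ns_put(ns);                /* creator's reference dropped: ns removed */
    *mid = live_objects;       /* task's reference keeps ns and profile valid */
    profile_put(task_label);   /* last reference frees both */
    return live_objects;
}

int main(void) { int mid; return demo_shared_refcount(&mid); }
```
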
policy.c 33.7 KB