Ubuntu
linux package

AppArmor: kernel module fails to handle namespace removal correctly

Bug #615947 reported by John Johansen
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
John Johansen

Bug Description

As reported on lkml, there is a bug in AppArmor profile namespace removal that can lead to an oops are deadlock, when the namespace is specified without a profile.

eg. If the profile namespace foo, extists in the kernel
echo -n ":foo:" >/sys/kernel/security/apparmor/.remove

will trigger this bug.

John Johansen (jjohansen)
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Revision history for this message
kernel-janitor (kernel-janitor) wrote : RE: <built-in method title of str object at 0xb777f060>

Fix released in 2.6.35-22.32

https://launchpad.net/ubuntu/+source/linux/2.6.35-22.32

Changed in linux (Ubuntu):
status: New → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted linux into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Revision history for this message
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed' to 'verification-done'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message
John Johansen (jjohansen) wrote :

Tested this on the kernel and it is working correctly

Steve Conklin (sconklin)
tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.