Creating a new namespace results in an AppArmor WARN

Bug #1544389 reported by Tyler Hicks
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Triaged
High
John Johansen

Bug Description

Aftering creating a new namespace with the following command:

$ echo ":namespace:p {}" | sudo apparmor_parser -qr

Check the syslog for an AppArmor WARN:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 2055 at /build/linux-NgsOGa/linux-4.2.0/security/apparmor/apparmorfs.c:690 __aa_fs_namespace_mkdir+0x182/0x1e0()
AppArmor WARN __aa_fs_namespace_mkdir: ((!mutex_is_locked(&ns->lock))):
Modules linked in:
 kvm_intel kvm crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd input_leds joydev serio_raw i2c_piix4 8250_fintek mac_hid parport_pc ppdev lp parport autofs4 vmwgfx ttm drm_kms_helper psmouse drm floppy pata_acpi
CPU: 0 PID: 2055 Comm: apparmor_parser Tainted: G W 4.2.0-27-generic #32-Ubuntu
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 000000004aa409a6 ffff88003bbdfcc8 ffffffff817eae99
 0000000000000000 ffff88003bbdfd20 ffff88003bbdfd08 ffffffff8107b9c6
 ffff8800397c52c4 ffff88003978a820 ffff88003d4f6e40 ffff88003a93ac00
Call Trace:
 [<ffffffff817eae99>] dump_stack+0x45/0x57
 [<ffffffff8107b9c6>] warn_slowpath_common+0x86/0xc0
 [<ffffffff8107ba55>] warn_slowpath_fmt+0x55/0x70
 [<ffffffff8136ccb7>] ? aa_alloc_replacedby+0x27/0x80
 [<ffffffff8135e8b2>] __aa_fs_namespace_mkdir+0x182/0x1e0
 [<ffffffff81365939>] aa_replace_profiles+0x929/0xf30
 [<ffffffff813267d8>] ? security_capable+0x48/0x60
 [<ffffffff811df28d>] ? __kmalloc+0x1ad/0x250
 [<ffffffff813603a1>] ? __aa_kvmalloc+0x41/0x60
 [<ffffffff8135d3e7>] profile_replace+0x37/0x60
 [<ffffffff811fd068>] __vfs_write+0x18/0x40
 [<ffffffff811fd9f6>] vfs_write+0xa6/0x1a0
 [<ffffffff811fc9af>] ? do_sys_open+0x1bf/0x280
 [<ffffffff811fe6e5>] SyS_write+0x55/0xc0
 [<ffffffff817f1c72>] entry_SYSCALL_64_fastpath+0x16/0x75
---[ end trace eb040f6cc3cf8ca3 ]---

$ uname -a
Linux sec-wily-amd64 4.2.0-27-generic #32-Ubuntu SMP Fri Jan 22 04:49:08 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Tags: aa-kernel
Tyler Hicks (tyhicks)
tags: added: aa-kernel
Revision history for this message
Tyler Hicks (tyhicks) wrote :

Assigning this to John since he is fixing this for Xenial.

Changed in apparmor:
assignee: nobody → John Johansen (jjohansen)
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.