AppArmor: kernel module fails to handle namespace removal correctly

Bug #615947 reported by John Johansen on 2010-08-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
John Johansen

Bug Description

As reported on lkml, there is a bug in AppArmor profile namespace removal that can lead to an oops are deadlock, when the namespace is specified without a profile.

eg. If the profile namespace foo, extists in the kernel
echo -n ":foo:" >/sys/kernel/security/apparmor/.remove

will trigger this bug.

Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux (Ubuntu):
status: New → Fix Released

Accepted linux into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed' to 'verification-done'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

John Johansen (jjohansen) wrote :

Tested this on the kernel and it is working correctly

Steve Conklin (sconklin) on 2010-12-09
tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers