Ubuntu

AppArmor: kernel module fails to handle namespace removal correctly

Reported by John Johansen on 2010-08-10
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
John Johansen

Bug Description

As reported on lkml, there is a bug in AppArmor profile namespace removal that can lead to an oops are deadlock, when the namespace is specified without a profile.

eg. If the profile namespace foo, extists in the kernel
echo -n ":foo:" >/sys/kernel/security/apparmor/.remove

will trigger this bug.

Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux (Ubuntu):
status: New → Fix Released

Accepted linux into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed' to 'verification-done'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

John Johansen (jjohansen) wrote :

Tested this on the kernel and it is working correctly

Steve Conklin (sconklin) on 2010-12-09
tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers