<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/security/apparmor/policy.c, branch v4.9</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>apparmor: fix module parameters can be changed after policy is locked</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-06-23T01:01:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=58acf9d911c8831156634a44d0b022d683e1e50c'/>
<id>58acf9d911c8831156634a44d0b022d683e1e50c</id>
<content type='text'>
the policy_lock parameter is a one way switch that prevents policy
from being further modified. Unfortunately some of the module parameters
can effectively modify policy by turning off enforcement.

split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
the policy_lock parameter is a one way switch that prevents policy
from being further modified. Unfortunately some of the module parameters
can effectively modify policy by turning off enforcement.

split policy_admin_capable into a view check and a full admin check,
and update the admin check to test the policy_lock parameter.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix refcount race when finding a child profile</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2015-12-17T02:09:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=de7c4cc947f9f56f61520ee7edaf380434a98c8d'/>
<id>de7c4cc947f9f56f61520ee7edaf380434a98c8d</id>
<content type='text'>
When finding a child profile via an rcu critical section, the profile
may be put and scheduled for deletion after the child is found but
before its refcount is incremented.

Protect against this by repeating the lookup if the profiles refcount
is 0 and is one its way to deletion.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When finding a child profile via an rcu critical section, the profile
may be put and scheduled for deletion after the child is found but
before its refcount is incremented.

Protect against this by repeating the lookup if the profiles refcount
is 0 and is one its way to deletion.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix audit full profile hname on successful load</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-04-16T21:19:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=7ee6da25dcce27b6023a8673fdf8be98dcf7cacf'/>
<id>7ee6da25dcce27b6023a8673fdf8be98dcf7cacf</id>
<content type='text'>
Currently logging of a successful profile load only logs the basename
of the profile. This can result in confusion when a child profile has
the same name as the another profile in the set. Logging the hname
will ensure there is no confusion.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently logging of a successful profile load only logs the basename
of the profile. This can result in confusion when a child profile has
the same name as the another profile in the set. Logging the hname
will ensure there is no confusion.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix log failures for all profiles in a set</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-04-16T21:16:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=bf15cf0c641be8e57d45f110a9d91464f5bb461a'/>
<id>bf15cf0c641be8e57d45f110a9d91464f5bb461a</id>
<content type='text'>
currently only the profile that is causing the failure is logged. This
makes it more confusing than necessary about which profiles loaded
and which didn't. So make sure to log success and failure messages for
all profiles in the set being loaded.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
currently only the profile that is causing the failure is logged. This
makes it more confusing than necessary about which profiles loaded
and which didn't. So make sure to log success and failure messages for
all profiles in the set being loaded.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix put() parent ref after updating the active ref</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-04-16T20:59:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=f351841f8d41072e741e45299070d421a5833a4a'/>
<id>f351841f8d41072e741e45299070d421a5833a4a</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix replacement bug that adds new child to old parent</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-04-11T23:57:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ec34fa24a934f4c8fd68f39b84abf34c42e5b06a'/>
<id>ec34fa24a934f4c8fd68f39b84abf34c42e5b06a</id>
<content type='text'>
When set atomic replacement is used and the parent is updated before the
child, and the child did not exist in the old parent so there is no
direct replacement then the new child is incorrectly added to the old
parent. This results in the new parent not having the child(ren) that
it should and the old parent when being destroyed asserting the
following error.

AppArmor: policy_destroy: internal error, policy '&lt;profile/name&gt;' still
contains profiles

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When set atomic replacement is used and the parent is updated before the
child, and the child did not exist in the old parent so there is no
direct replacement then the new child is incorrectly added to the old
parent. This results in the new parent not having the child(ren) that
it should and the old parent when being destroyed asserting the
following error.

AppArmor: policy_destroy: internal error, policy '&lt;profile/name&gt;' still
contains profiles

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix refcount bug in profile replacement</title>
<updated>2016-07-12T15:43:10+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2016-04-11T23:55:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=dcda617a0c5160c73e0aa02813c871339ea08004'/>
<id>dcda617a0c5160c73e0aa02813c871339ea08004</id>
<content type='text'>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Acked-by: Seth Arnold &lt;seth.arnold@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix memleak of the profile hash</title>
<updated>2013-10-16T00:53:59+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2013-10-14T18:44:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5cb3e91ebd0405519795f243adbfc4ed2a6fe53f'/>
<id>5cb3e91ebd0405519795f243adbfc4ed2a6fe53f</id>
<content type='text'>
BugLink: http://bugs.launchpad.net/bugs/1235523

This fixes the following kmemleak trace:
unreferenced object 0xffff8801e8c35680 (size 32):
  comm "apparmor_parser", pid 691, jiffies 4294895667 (age 13230.876s)
  hex dump (first 32 bytes):
    e0 d3 4e b5 ac 6d f4 ed 3f cb ee 48 1c fd 40 cf  ..N..m..?..H..@.
    5b cc e9 93 00 00 00 00 00 00 00 00 00 00 00 00  [...............
  backtrace:
    [&lt;ffffffff817a97ee&gt;] kmemleak_alloc+0x4e/0xb0
    [&lt;ffffffff811ca9f3&gt;] __kmalloc+0x103/0x290
    [&lt;ffffffff8138acbc&gt;] aa_calc_profile_hash+0x6c/0x150
    [&lt;ffffffff8138074d&gt;] aa_unpack+0x39d/0xd50
    [&lt;ffffffff8137eced&gt;] aa_replace_profiles+0x3d/0xd80
    [&lt;ffffffff81376937&gt;] profile_replace+0x37/0x50
    [&lt;ffffffff811e9f2d&gt;] vfs_write+0xbd/0x1e0
    [&lt;ffffffff811ea96c&gt;] SyS_write+0x4c/0xa0
    [&lt;ffffffff817ccb1d&gt;] system_call_fastpath+0x1a/0x1f
    [&lt;ffffffffffffffff&gt;] 0xffffffffffffffff

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
BugLink: http://bugs.launchpad.net/bugs/1235523

This fixes the following kmemleak trace:
unreferenced object 0xffff8801e8c35680 (size 32):
  comm "apparmor_parser", pid 691, jiffies 4294895667 (age 13230.876s)
  hex dump (first 32 bytes):
    e0 d3 4e b5 ac 6d f4 ed 3f cb ee 48 1c fd 40 cf  ..N..m..?..H..@.
    5b cc e9 93 00 00 00 00 00 00 00 00 00 00 00 00  [...............
  backtrace:
    [&lt;ffffffff817a97ee&gt;] kmemleak_alloc+0x4e/0xb0
    [&lt;ffffffff811ca9f3&gt;] __kmalloc+0x103/0x290
    [&lt;ffffffff8138acbc&gt;] aa_calc_profile_hash+0x6c/0x150
    [&lt;ffffffff8138074d&gt;] aa_unpack+0x39d/0xd50
    [&lt;ffffffff8137eced&gt;] aa_replace_profiles+0x3d/0xd80
    [&lt;ffffffff81376937&gt;] profile_replace+0x37/0x50
    [&lt;ffffffff811e9f2d&gt;] vfs_write+0xbd/0x1e0
    [&lt;ffffffff811ea96c&gt;] SyS_write+0x4c/0xa0
    [&lt;ffffffff817ccb1d&gt;] system_call_fastpath+0x1a/0x1f
    [&lt;ffffffffffffffff&gt;] 0xffffffffffffffff

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: fix suspicious RCU usage warning in policy.c/policy.h</title>
<updated>2013-09-29T23:54:01+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2013-09-29T15:39:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4cd4fc77032dca46fe7475d81461e29145db247a'/>
<id>4cd4fc77032dca46fe7475d81461e29145db247a</id>
<content type='text'>
The recent 3.12 pull request for apparmor was missing a couple rcu _protected
access modifiers. Resulting in the follow suspicious RCU usage

 [   29.804534] [ INFO: suspicious RCU usage. ]
 [   29.804539] 3.11.0+ #5 Not tainted
 [   29.804541] -------------------------------
 [   29.804545] security/apparmor/include/policy.h:363 suspicious rcu_dereference_check() usage!
 [   29.804548]
 [   29.804548] other info that might help us debug this:
 [   29.804548]
 [   29.804553]
 [   29.804553] rcu_scheduler_active = 1, debug_locks = 1
 [   29.804558] 2 locks held by apparmor_parser/1268:
 [   29.804560]  #0:  (sb_writers#9){.+.+.+}, at: [&lt;ffffffff81120a4c&gt;] file_start_write+0x27/0x29
 [   29.804576]  #1:  (&amp;ns-&gt;lock){+.+.+.}, at: [&lt;ffffffff811f5d88&gt;] aa_replace_profiles+0x166/0x57c
 [   29.804589]
 [   29.804589] stack backtrace:
 [   29.804595] CPU: 0 PID: 1268 Comm: apparmor_parser Not tainted 3.11.0+ #5
 [   29.804599] Hardware name: ASUSTeK Computer Inc.         UL50VT          /UL50VT    , BIOS 217     03/01/2010
 [   29.804602]  0000000000000000 ffff8800b95a1d90 ffffffff8144eb9b ffff8800b94db540
 [   29.804611]  ffff8800b95a1dc0 ffffffff81087439 ffff880138cc3a18 ffff880138cc3a18
 [   29.804619]  ffff8800b9464a90 ffff880138cc3a38 ffff8800b95a1df0 ffffffff811f5084
 [   29.804628] Call Trace:
 [   29.804636]  [&lt;ffffffff8144eb9b&gt;] dump_stack+0x4e/0x82
 [   29.804642]  [&lt;ffffffff81087439&gt;] lockdep_rcu_suspicious+0xfc/0x105
 [   29.804649]  [&lt;ffffffff811f5084&gt;] __aa_update_replacedby+0x53/0x7f
 [   29.804655]  [&lt;ffffffff811f5408&gt;] __replace_profile+0x11f/0x1ed
 [   29.804661]  [&lt;ffffffff811f6032&gt;] aa_replace_profiles+0x410/0x57c
 [   29.804668]  [&lt;ffffffff811f16d4&gt;] profile_replace+0x35/0x4c
 [   29.804674]  [&lt;ffffffff81120fa3&gt;] vfs_write+0xad/0x113
 [   29.804680]  [&lt;ffffffff81121609&gt;] SyS_write+0x44/0x7a
 [   29.804687]  [&lt;ffffffff8145bfd2&gt;] system_call_fastpath+0x16/0x1b
 [   29.804691]
 [   29.804694] ===============================
 [   29.804697] [ INFO: suspicious RCU usage. ]
 [   29.804700] 3.11.0+ #5 Not tainted
 [   29.804703] -------------------------------
 [   29.804706] security/apparmor/policy.c:566 suspicious rcu_dereference_check() usage!
 [   29.804709]
 [   29.804709] other info that might help us debug this:
 [   29.804709]
 [   29.804714]
 [   29.804714] rcu_scheduler_active = 1, debug_locks = 1
 [   29.804718] 2 locks held by apparmor_parser/1268:
 [   29.804721]  #0:  (sb_writers#9){.+.+.+}, at: [&lt;ffffffff81120a4c&gt;] file_start_write+0x27/0x29
 [   29.804733]  #1:  (&amp;ns-&gt;lock){+.+.+.}, at: [&lt;ffffffff811f5d88&gt;] aa_replace_profiles+0x166/0x57c
 [   29.804744]
 [   29.804744] stack backtrace:
 [   29.804750] CPU: 0 PID: 1268 Comm: apparmor_parser Not tainted 3.11.0+ #5
 [   29.804753] Hardware name: ASUSTeK Computer Inc.         UL50VT          /UL50VT    , BIOS 217     03/01/2010
 [   29.804756]  0000000000000000 ffff8800b95a1d80 ffffffff8144eb9b ffff8800b94db540
 [   29.804764]  ffff8800b95a1db0 ffffffff81087439 ffff8800b95b02b0 0000000000000000
 [   29.804772]  ffff8800b9efba08 ffff880138cc3a38 ffff8800b95a1dd0 ffffffff811f4f94
 [   29.804779] Call Trace:
 [   29.804786]  [&lt;ffffffff8144eb9b&gt;] dump_stack+0x4e/0x82
 [   29.804791]  [&lt;ffffffff81087439&gt;] lockdep_rcu_suspicious+0xfc/0x105
 [   29.804798]  [&lt;ffffffff811f4f94&gt;] aa_free_replacedby_kref+0x4d/0x62
 [   29.804804]  [&lt;ffffffff811f4f47&gt;] ? aa_put_namespace+0x17/0x17
 [   29.804810]  [&lt;ffffffff811f4f0b&gt;] kref_put+0x36/0x40
 [   29.804816]  [&lt;ffffffff811f5423&gt;] __replace_profile+0x13a/0x1ed
 [   29.804822]  [&lt;ffffffff811f6032&gt;] aa_replace_profiles+0x410/0x57c
 [   29.804829]  [&lt;ffffffff811f16d4&gt;] profile_replace+0x35/0x4c
 [   29.804835]  [&lt;ffffffff81120fa3&gt;] vfs_write+0xad/0x113
 [   29.804840]  [&lt;ffffffff81121609&gt;] SyS_write+0x44/0x7a
 [   29.804847]  [&lt;ffffffff8145bfd2&gt;] system_call_fastpath+0x16/0x1b

Reported-by: miles.lane@gmail.com
CC: paulmck@linux.vnet.ibm.com
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The recent 3.12 pull request for apparmor was missing a couple rcu _protected
access modifiers. Resulting in the follow suspicious RCU usage

 [   29.804534] [ INFO: suspicious RCU usage. ]
 [   29.804539] 3.11.0+ #5 Not tainted
 [   29.804541] -------------------------------
 [   29.804545] security/apparmor/include/policy.h:363 suspicious rcu_dereference_check() usage!
 [   29.804548]
 [   29.804548] other info that might help us debug this:
 [   29.804548]
 [   29.804553]
 [   29.804553] rcu_scheduler_active = 1, debug_locks = 1
 [   29.804558] 2 locks held by apparmor_parser/1268:
 [   29.804560]  #0:  (sb_writers#9){.+.+.+}, at: [&lt;ffffffff81120a4c&gt;] file_start_write+0x27/0x29
 [   29.804576]  #1:  (&amp;ns-&gt;lock){+.+.+.}, at: [&lt;ffffffff811f5d88&gt;] aa_replace_profiles+0x166/0x57c
 [   29.804589]
 [   29.804589] stack backtrace:
 [   29.804595] CPU: 0 PID: 1268 Comm: apparmor_parser Not tainted 3.11.0+ #5
 [   29.804599] Hardware name: ASUSTeK Computer Inc.         UL50VT          /UL50VT    , BIOS 217     03/01/2010
 [   29.804602]  0000000000000000 ffff8800b95a1d90 ffffffff8144eb9b ffff8800b94db540
 [   29.804611]  ffff8800b95a1dc0 ffffffff81087439 ffff880138cc3a18 ffff880138cc3a18
 [   29.804619]  ffff8800b9464a90 ffff880138cc3a38 ffff8800b95a1df0 ffffffff811f5084
 [   29.804628] Call Trace:
 [   29.804636]  [&lt;ffffffff8144eb9b&gt;] dump_stack+0x4e/0x82
 [   29.804642]  [&lt;ffffffff81087439&gt;] lockdep_rcu_suspicious+0xfc/0x105
 [   29.804649]  [&lt;ffffffff811f5084&gt;] __aa_update_replacedby+0x53/0x7f
 [   29.804655]  [&lt;ffffffff811f5408&gt;] __replace_profile+0x11f/0x1ed
 [   29.804661]  [&lt;ffffffff811f6032&gt;] aa_replace_profiles+0x410/0x57c
 [   29.804668]  [&lt;ffffffff811f16d4&gt;] profile_replace+0x35/0x4c
 [   29.804674]  [&lt;ffffffff81120fa3&gt;] vfs_write+0xad/0x113
 [   29.804680]  [&lt;ffffffff81121609&gt;] SyS_write+0x44/0x7a
 [   29.804687]  [&lt;ffffffff8145bfd2&gt;] system_call_fastpath+0x16/0x1b
 [   29.804691]
 [   29.804694] ===============================
 [   29.804697] [ INFO: suspicious RCU usage. ]
 [   29.804700] 3.11.0+ #5 Not tainted
 [   29.804703] -------------------------------
 [   29.804706] security/apparmor/policy.c:566 suspicious rcu_dereference_check() usage!
 [   29.804709]
 [   29.804709] other info that might help us debug this:
 [   29.804709]
 [   29.804714]
 [   29.804714] rcu_scheduler_active = 1, debug_locks = 1
 [   29.804718] 2 locks held by apparmor_parser/1268:
 [   29.804721]  #0:  (sb_writers#9){.+.+.+}, at: [&lt;ffffffff81120a4c&gt;] file_start_write+0x27/0x29
 [   29.804733]  #1:  (&amp;ns-&gt;lock){+.+.+.}, at: [&lt;ffffffff811f5d88&gt;] aa_replace_profiles+0x166/0x57c
 [   29.804744]
 [   29.804744] stack backtrace:
 [   29.804750] CPU: 0 PID: 1268 Comm: apparmor_parser Not tainted 3.11.0+ #5
 [   29.804753] Hardware name: ASUSTeK Computer Inc.         UL50VT          /UL50VT    , BIOS 217     03/01/2010
 [   29.804756]  0000000000000000 ffff8800b95a1d80 ffffffff8144eb9b ffff8800b94db540
 [   29.804764]  ffff8800b95a1db0 ffffffff81087439 ffff8800b95b02b0 0000000000000000
 [   29.804772]  ffff8800b9efba08 ffff880138cc3a38 ffff8800b95a1dd0 ffffffff811f4f94
 [   29.804779] Call Trace:
 [   29.804786]  [&lt;ffffffff8144eb9b&gt;] dump_stack+0x4e/0x82
 [   29.804791]  [&lt;ffffffff81087439&gt;] lockdep_rcu_suspicious+0xfc/0x105
 [   29.804798]  [&lt;ffffffff811f4f94&gt;] aa_free_replacedby_kref+0x4d/0x62
 [   29.804804]  [&lt;ffffffff811f4f47&gt;] ? aa_put_namespace+0x17/0x17
 [   29.804810]  [&lt;ffffffff811f4f0b&gt;] kref_put+0x36/0x40
 [   29.804816]  [&lt;ffffffff811f5423&gt;] __replace_profile+0x13a/0x1ed
 [   29.804822]  [&lt;ffffffff811f6032&gt;] aa_replace_profiles+0x410/0x57c
 [   29.804829]  [&lt;ffffffff811f16d4&gt;] profile_replace+0x35/0x4c
 [   29.804835]  [&lt;ffffffff81120fa3&gt;] vfs_write+0xad/0x113
 [   29.804840]  [&lt;ffffffff81121609&gt;] SyS_write+0x44/0x7a
 [   29.804847]  [&lt;ffffffff8145bfd2&gt;] system_call_fastpath+0x16/0x1b

Reported-by: miles.lane@gmail.com
CC: paulmck@linux.vnet.ibm.com
Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>apparmor: add interface files for profiles and namespaces</title>
<updated>2013-08-14T18:42:07+00:00</updated>
<author>
<name>John Johansen</name>
<email>john.johansen@canonical.com</email>
</author>
<published>2013-07-11T04:13:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0d259f043f5f60f74c4fd020aac190cb6450e918'/>
<id>0d259f043f5f60f74c4fd020aac190cb6450e918</id>
<content type='text'>
Add basic interface files to access namespace and profile information.
The interface files are created when a profile is loaded and removed
when the profile or namespace is removed.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add basic interface files to access namespace and profile information.
The interface files are created when a profile is loaded and removed
when the profile or namespace is removed.

Signed-off-by: John Johansen &lt;john.johansen@canonical.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
