Commit Graph

11 Commits

Author SHA1 Message Date
John Johansen
2e680dd61e apparmor: fix IRQ stack overflow during free_profile
BugLink: http://bugs.launchpad.net/bugs/1056078

Profile replacement can cause long chains of profiles to build up when
the profile being replaced is pinned. When the pinned profile is finally
freed, it puts the reference to its replacement, which may in turn nest
another call to free_profile on the stack. Because this may happen for
each profile in the replacedby chain this can result in a recusion that
causes the stack to overflow.

Break this nesting by directly walking the chain of replacedby profiles
(ie. use iteration instead of recursion to free the list). This results
in at most 2 levels of free_profile being called, while freeing a
replacedby chain.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-10-25 02:12:50 +11:00
James Morris
ff2bb047c4 Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next
Per pull request, for 3.5.
2012-05-22 11:21:06 +10:00
John Johansen
bf83208e0b apparmor: fix profile lookup for unconfined
BugLink: http://bugs.launchpad.net/bugs/978038

also affects apparmor portion of
BugLink: http://bugs.launchpad.net/bugs/987371

The unconfined profile is not stored in the regular profile list, but
change_profile and exec transitions may want access to it when setting
up specialized transitions like switch to the unconfined profile of a
new policy namespace.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-05-18 11:09:28 -07:00
Eric Paris
50c205f5e5 LSM: do not initialize common_audit_data to 0
It isn't needed.  If you don't set the type of the data associated with
that type it is a pretty obvious programming bug.  So why waste the cycles?

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-04-09 12:23:04 -04:00
Eric Paris
bd5e50f9c1 LSM: remove the COMMON_AUDIT_DATA_INIT type expansion
Just open code it so grep on the source code works better.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-04-09 12:23:01 -04:00
Eric Paris
3b3b0e4fc1 LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-04-03 09:48:40 -07:00
Jan Engelhardt
2d4cee7e3a AppArmor: add const qualifiers to string arrays
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-03-14 19:09:13 -07:00
John Johansen
ad5ff3db53 AppArmor: Add ability to load extended policy
Add the base support for the new policy extensions. This does not bring
any additional functionality, or change current semantics.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
2012-03-14 19:09:03 -07:00
wzt.wzt@gmail.com
246c3fb16b APPARMOR: Fix memory leak of alloc_namespace()
policy->name is a substring of policy->hname, if prefix is not NULL, it will
allocted strlen(prefix) + strlen(name) + 3 bytes to policy->hname in policy_init().
use kzfree(ns->base.name) will casue memory leak if alloc_namespace() failed.

Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-11-11 07:36:18 +11:00
John Johansen
999b4f0aa2 AppArmor: Fix locking from removal of profile namespace
The locking for profile namespace removal is wrong, when removing a
profile namespace, it needs to be removed from its parent's list.
Lock the parent of namespace list instead of the namespace being removed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-09-08 09:19:34 +10:00
John Johansen
c88d4c7b04 AppArmor: core policy routines
The basic routines and defines for AppArmor policy.  AppArmor policy
is defined by a few basic components.
      profiles - the basic unit of confinement contain all the information
                 to enforce policy on a task

                 Profiles tend to be named after an executable that they
                 will attach to but this is not required.
      namespaces - a container for a set of profiles that will be used
                 during attachment and transitions between profiles.
      sids - which provide a unique id for each profile

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-08-02 15:38:37 +10:00