forked from Minki/linux
fa2ac468db
ns->unconfined is being used read side without locking, nor rcu but is being updated when a namespace is removed. This works for the root ns which is never removed but has a race window and can cause failures when children namespaces are removed. Also ns and ns->unconfined have a circular refcounting dependency that is problematic and must be broken. Currently this is done incorrectly when the namespace is destroyed. Fix this by forward referencing unconfined via the replacedby infrastructure instead of directly updating the ns->unconfined pointer. Remove the circular refcount dependency by making the ns and its unconfined profile share the same refcount. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> |
||
|---|---|---|
| .. | ||
| apparmor.h | ||
| apparmorfs.h | ||
| audit.h | ||
| capability.h | ||
| context.h | ||
| domain.h | ||
| file.h | ||
| ipc.h | ||
| match.h | ||
| path.h | ||
| policy_unpack.h | ||
| policy.h | ||
| procattr.h | ||
| resource.h | ||
| sid.h | ||