Message ID | 1337700142-13370-5-git-send-email-john.johansen@canonical.com |
---|---|
State | New |
Headers | show |
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index b8100a7..39056af 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -904,6 +904,10 @@ struct aa_profile *aa_lookup_profile(struct aa_namespace *ns, const char *hname) profile = aa_get_profile(__lookup_profile(&ns->base, hname)); read_unlock(&ns->lock); + /* the unconfined profile is not in the regular profile list */ + if (!profile && strcmp(hname, "unconfined") == 0) + profile = aa_get_profile(ns->unconfined); + /* refcount released by caller */ return profile; }
OriginalLocation: security/next bf83208e0b7f5938f5a7f6d9dfa9960bf04692fa BugLink: http://bugs.launchpad.net/bugs/978038 also affects apparmor portion of BugLink: http://bugs.launchpad.net/bugs/987371 The unconfined profile is not stored in the regular profile list, but change_profile and exec transitions may want access to it when setting up specialized transitions like switch to the unconfined profile of a new policy namespace. Signed-off-by: John Johansen <john.johansen@canonical.com> --- security/apparmor/policy.c | 4 ++++ 1 file changed, 4 insertions(+)