Re: [apparmor] Pidgin, 4.14, and App Armor Oops.

Thu, 23 Nov 2017 05:22:56 -0800 

Hello,

Am Mittwoch, 22. November 2017, 16:57:59 CET schrieb John Johansen:
> From 6ba06322267ea931be5f1f559965120d1e09b030 Mon Sep 17 00:00:00 2001
> From: John Johansen <john.johan...@canonical.com>
> Date: Wed, 22 Nov 2017 07:33:38 -0800
> Subject: [PATCH] apparmor: fix oops in audit_signal_cb hook
> 
> The apparmor_audit_data struct ordering got messed up during a merge
> conflict, resulting in the signal integer and peer pointer being in
> a union instead of a struct together.

If you need another bug reference:
https://bugzilla.opensuse.org/show_bug.cgi?id=1069562

I built a test kernel with a patch based on what you posted (the 
original patch didn't apply on the openSUSE kernel), and it seems to fix 
the issue. 
Note that I only run this kernel (4.14.1 + the patch) since 30 minutes, 
but OTOH I always got the oops within two minutes with 4.14.0 ;-)
(I did not test if "just" updating to 4.14.1 fixes the issue.)


My version of the patch is:
https://build.opensuse.org/package/show/home:cboltz:branches:Kernel:HEAD/kernel-default
 -> "link diff"

--- a/security/apparmor/include/audit.h 2017-11-22 22:46:30.771215108 +0100
+++ b/security/apparmor/include/audit.h 2017-11-22 22:48:27.398759948 +0100
@@ -121,10 +121,13 @@
                /* these entries require a custom callback fn */
                struct {
                        struct aa_label *peer;
-                       struct {
-                               const char *target;
-                               kuid_t ouid;
-                       } fs;
+                       union {
+                               struct {
+                                       const char *target;
+                                       kuid_t ouid;
+                               } fs;
+                               int signal;
+                       };
                        struct {
                                int type, protocol;
                                struct sock *sk;
@@ -135,7 +138,6 @@
                        const char *ns;
                        long pos;
                } iface;
-               int signal;
                struct {
                        int rlim;
                        unsigned long max;


If you think this patch this is close enough to your original patch, 
feel free to add
    Tested-by: Christian Boltz


Regards,

Christian Boltz
-- 
> PS.: Don't drink as root!
Das kann man gar nicht oft genug sagen: "uups, rm -rf * statt rm -rf *~
in /etc", das war eine Meisterleistung nachts um 3 mit 2.6 auf dem
Turm ;-))   [Volker Müller und Thomas Bendler in suse-linux]

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to