Hello, Am Mittwoch, 22. November 2017, 16:57:59 CET schrieb John Johansen: > From 6ba06322267ea931be5f1f559965120d1e09b030 Mon Sep 17 00:00:00 2001 > From: John Johansen <john.johan...@canonical.com> > Date: Wed, 22 Nov 2017 07:33:38 -0800 > Subject: [PATCH] apparmor: fix oops in audit_signal_cb hook > > The apparmor_audit_data struct ordering got messed up during a merge > conflict, resulting in the signal integer and peer pointer being in > a union instead of a struct together.
If you need another bug reference: https://bugzilla.opensuse.org/show_bug.cgi?id=1069562 I built a test kernel with a patch based on what you posted (the original patch didn't apply on the openSUSE kernel), and it seems to fix the issue. Note that I only run this kernel (4.14.1 + the patch) since 30 minutes, but OTOH I always got the oops within two minutes with 4.14.0 ;-) (I did not test if "just" updating to 4.14.1 fixes the issue.) My version of the patch is: https://build.opensuse.org/package/show/home:cboltz:branches:Kernel:HEAD/kernel-default -> "link diff" --- a/security/apparmor/include/audit.h 2017-11-22 22:46:30.771215108 +0100 +++ b/security/apparmor/include/audit.h 2017-11-22 22:48:27.398759948 +0100 @@ -121,10 +121,13 @@ /* these entries require a custom callback fn */ struct { struct aa_label *peer; - struct { - const char *target; - kuid_t ouid; - } fs; + union { + struct { + const char *target; + kuid_t ouid; + } fs; + int signal; + }; struct { int type, protocol; struct sock *sk; @@ -135,7 +138,6 @@ const char *ns; long pos; } iface; - int signal; struct { int rlim; unsigned long max; If you think this patch this is close enough to your original patch, feel free to add Tested-by: Christian Boltz Regards, Christian Boltz -- > PS.: Don't drink as root! Das kann man gar nicht oft genug sagen: "uups, rm -rf * statt rm -rf *~ in /etc", das war eine Meisterleistung nachts um 3 mit 2.6 auf dem Turm ;-)) [Volker Müller und Thomas Bendler in suse-linux]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor