apparmor: fix replacement bug that adds new child to old parent

When set atomic replacement is used and the parent is updated before the child, and the child did not exist in the old parent so there is no direct replacement then the new child is incorrectly added to the old parent. This results in the new parent not having the child(ren) that it should and the old parent when being destroyed asserting the following error. AppArmor: policy_destroy: internal error, policy '<profile/name>' still contains profiles Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2016-04-11 23:57:19 (GMT)
committer: John Johansen <john.johansen@canonical.com> 2016-07-12 15:43:10 (GMT)
commit: ec34fa24a934f4c8fd68f39b84abf34c42e5b06a (patch)
tree: 1ffe3fcae38b932de7ace29fed87dd4e98cf768a
parent: dcda617a0c5160c73e0aa02813c871339ea08004 (diff)
download: linux-ec34fa24a934f4c8fd68f39b84abf34c42e5b06a.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 222052f..c92a9f6 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1193,7 +1193,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
 			/* aafs interface uses replacedby */
 			rcu_assign_pointer(ent->new->replacedby->profile,
 					   aa_get_profile(ent->new));
-			__list_add_profile(&parent->base.profiles, ent->new);
+			__list_add_profile(&newest->base.profiles, ent->new);
 			aa_put_profile(newest);
 		} else {
 			/* aafs interface uses replacedby */
author	John Johansen <john.johansen@canonical.com>	2016-04-11 23:57:19 (GMT)
committer	John Johansen <john.johansen@canonical.com>	2016-07-12 15:43:10 (GMT)
commit	ec34fa24a934f4c8fd68f39b84abf34c42e5b06a (patch)
tree	1ffe3fcae38b932de7ace29fed87dd4e98cf768a
parent	dcda617a0c5160c73e0aa02813c871339ea08004 (diff)
download	linux-ec34fa24a934f4c8fd68f39b84abf34c42e5b06a.tar.xz