[Apparmor-general] character limits in subprofiles

Ben Beuchler insyte at gmail.com
Thu Mar 5 00:33:53 MST 2009


>> Is this, in fact, a known bug in 2.1?  If so, can you point me to the
>> documentation of the bug?  I'm hoping to talk the Ubuntu team into
>> backporting the fix into the 8.0.4 LTS release.
>>
> Yes it is a known bug (sorry I don't have time to look up the bug number
> right now) in the kernel module's handling of AppArmorFS.  Basically it
> will only list as many names as can fit on a VM page, so the shorter the
> names the more it will list.
>
> I will dig up the fix and post the patch this afternoon when I have more
> time.

The reason I started down the path that led to (re)discovering this
bug was seeing apparmor_parser -[rR] lock up and start consuming 100%
of the CPU in an uninterruptible fashion.  In my testing it appeared
that this no longer happened as long as I had fewer profiles than the
limit described above.

Is that consistent with the bug you mentioned?  Or is that an additional issue?

Thanks!

-Ben

