[Apparmor-general] Re: character limits in subprofiles
Ben Beuchler
insyte at gmail.com
Sat Mar 7 12:58:57 MST 2009
Thanks, this will be quite helpful. In your opinion, should I open an
Ubuntu bug report in addition to the information you have already
forwarded to them?
Thanks again...
-Ben
On 3/6/09, John Johansen <jrjohansen at verizon.net> wrote:
> Ben Beuchler wrote:
>>>> Is this, in fact, a known bug in 2.1? If so, can you point me to the
>>>> documentation of the bug? I'm hoping to talk the Ubuntu team into
>>>> backporting the fix into the 8.0.4 LTS release.
>>>>
>>> Yes it is a known bug (sorry I don't have time to lookup the bug number
>>> right now) in the kernel modules handling of AppArmorFS. Basically it
>>> will only list as many names as can fit on a VM page, so the shorter the
>>> names the more it will list.
>>>
>>> I will dig up the fix and post the patch this afternoon when I have more
>>> time.
>>
>> The reason I started down the path that lead to (re)discovering this
>> bug was seeing apparmor_parser -[rR] lock up and start consuming 100%
>> of the CPU in an uninterruptible fashion. In my testing it appeared
>> that this no longer happened as long as I had fewer profiles than the
>> limit described above.
>>
>> Is that consistent with the bug you mentioned? Or is that an additional
>> issue?
>>
> sorry this ended up taking me so long to get back to,
>
> Yes this is consistent. The problem is that when it has more entries
> than a page, it also messes up the locking so that profile
> replacement/removal will fail spinning on the lock that will never get
> released consuming 100% cpu. :(
>
> The patch is attached, and I have forwarded it to Ubuntu
>
> john
>
--
Sent from my mobile device
More information about the Apparmor-general
mailing list