authorJohn Johansen <john.johansen@canonical.com>2013-07-10 21:10:43 -0700
committerJohn Johansen <john.johansen@canonical.com>2013-08-14 11:42:06 -0700
commit742058b0f3a2ed32e2a7349aff97989dc4e32452 (patch)
tree25cc9f3f65e0b7889d5509396f6727d29a47ff57 /security/apparmor/include/policy.h
parentfa2ac468db510c653499a47c1ec3deb045bf4763 (diff)
apparmor: rework namespace free path
namespaces now completely use the unconfined profile to track the refcount and rcu freeing cycle. So rework the code to simplify (track everything through the profile path right up to the end), and move the rcu_head from policy base to profile as the namespace no longer needs it. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/include/policy.h')
-rw-r--r--security/apparmor/include/policy.h12
1 files changed, 4 insertions, 8 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 1ddd5e5728b8..4eafdd88f44e 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -80,7 +80,6 @@ struct aa_profile;
* @name: name of the object
* @hname - The hierarchical name
* @list: list policy object is on
- * @rcu: rcu head used when removing from @list
* @profiles: head of the profiles list contained in the object
*/
struct aa_policy {
@@ -88,7 +87,6 @@ struct aa_policy {
char *hname;
struct list_head list;
struct list_head profiles;
- struct rcu_head rcu;
};
/* struct aa_ns_acct - accounting of profiles in namespace
@@ -157,6 +155,7 @@ struct aa_replacedby {
/* struct aa_profile - basic confinement data
* @base - base components of the profile (name, refcount, lists, lock ...)
* @count: reference count of the obj
+ * @rcu: rcu head used when removing from @list
* @parent: parent of profile
* @ns: namespace the profile is in
* @replacedby: is set to the profile that replaced this profile
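Review bot: The `@rcu` kernel-doc line added to struct aa_profile was carried over verbatim from struct aa_policy and still says "removing from @list", but none of the aa_profile fields visible here is called `list`; the list head is inside `base`. Going by the commit description, this rcu head now covers the profile's whole deferred-free cycle (and the namespace's, through its unconfined profile), so the comment should describe that, for example `* @rcu: rcu head used to defer freeing of the profile (list is @base.list)`. The kernel-doc block and the struct body both continue outside the hunks shown, so a `list` member further down cannot be ruled out from here.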
@@ -190,6 +189,7 @@ struct aa_replacedby {
struct aa_profile {
struct aa_policy base;
struct kref count;
+ struct rcu_head rcu;
struct aa_profile __rcu *parent;
struct aa_namespace *ns;
@@ -317,12 +317,8 @@ static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p)
*/
static inline void aa_put_profile(struct aa_profile *p)
{
- if (p) {
- if (p->flags & PFLAG_NS_COUNT)
- kref_put(&p->count, aa_free_namespace_kref);
- else
- kref_put(&p->count, aa_free_profile_kref);
- }
+ if (p)
+ kref_put(&p->count, aa_free_profile_kref);
}
static inline struct aa_replacedby *aa_get_replacedby(struct aa_replacedby *p)
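Review bot: With the `PFLAG_NS_COUNT` branch removed, every final put in `aa_put_profile` ends up in `aa_free_profile_kref`, so that callback now has to recognise a namespace's unconfined profile and release the namespace as well. Its body is not in this header, so that cannot be confirmed from this hunk. If it does not make the distinction, the last put on such a profile would presumably leak the namespace or free the profile while the namespace still refers to it. The kernel-doc above the function should record the new contract, for example `* Dropping the last reference to a namespace's unconfined profile also frees the namespace.` That comment block starts outside the hunk.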