AppArmor is leaking the newly loaded profile and its proxy when
the profile is an exact match to the currently loaded version.
In this case the match check results in the profile being skipped
and put with out dealing with the proxy and forwarding thus creating
a circular refcount and a leak.
BugLink: http://bugs.launchpad.net/bugs/1750594
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
audit_policy(label, op, ns_name, ent->new->base.hname,
"same as current profile, skipping",
error);
+ /* break refcount cycle with proxy. */
+ aa_put_proxy(ent->new->label.proxy);
+ ent->new->label.proxy = NULL;
goto skip;
}