Quoting Greg Kroah-Hartman (gregkh@xxxxxxxxxxxxxxxxxxx): > 4.16-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: John Johansen <john.johansen@xxxxxxxxxxxxx> > > commit 040d9e2bce0a5b321c402b79ee43a8e8d2fd3b06 upstream. > > The .ns_name should not be virtualized by the current ns view. It > needs to report the ns base name as that is being used during startup > as part of determining apparmor policy namespace support. > > BugLink: http://bugs.launchpad.net/bugs/1746463 > Fixes: d9f02d9c237aa ("apparmor: fix display of ns name") > Cc: Stable <stable@xxxxxxxxxxxxxxx> > Reported-by: Serge Hallyn <serge@xxxxxxxxxx> Excellent, thank you - this has been a pretty invasive bug for nested container usage. > Tested-by: Serge Hallyn <serge@xxxxxxxxxx> > Signed-off-by: John Johansen <john.johansen@xxxxxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > --- > security/apparmor/apparmorfs.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > --- a/security/apparmor/apparmorfs.c > +++ b/security/apparmor/apparmorfs.c > @@ -1189,9 +1189,7 @@ static int seq_ns_level_show(struct seq_ > static int seq_ns_name_show(struct seq_file *seq, void *v) > { > struct aa_label *label = begin_current_label_crit_section(); > - > - seq_printf(seq, "%s\n", aa_ns_name(labels_ns(label), > - labels_ns(label), true)); > + seq_printf(seq, "%s\n", labels_ns(label)->base.name); > end_current_label_crit_section(label); > > return 0; >
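Review bot: in seq_ns_name_show(), the new `seq_printf(seq, "%s\n", labels_ns(label)->base.name);` has no comment saying why the name is deliberately not passed through aa_ns_name(). The reason given in the commit message (the base name is used during startup to determine policy namespace support) lives only in the changelog. The Fixes: tag shows this output was already changed once by "apparmor: fix display of ns name", so a one-line comment above the seq_printf stating that .ns_name must report the unvirtualized base name would help keep it from being converted back to the view-relative form. The hunk also deletes the blank line between the declaration of `label` and the first statement; keeping it would match the usual kernel style of separating declarations from code.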