[apparmor] PATCH [1/2] have caching respect include time stamps
Kees Cook
kees.cook at canonical.com
Tue Sep 14 17:32:58 BST 2010
On Tue, Sep 14, 2010 at 03:48:46AM -0700, John Johansen wrote:
> This patch changes how cache validation is done, by moving it post
> parsing, and precompilation of policy. This allows finding the most
> recent text time stamp during parsing and this is then compared to
> the cache file time stamp.
>
> While this is slightly slower than the cache file check that only
> validated against the profile file it fixes the bug where abstraction
> updates do not cause the cache file to become invalid.
>
> Nominated for 2.5.1
My knee-jerk is to NAK this for 2.5.1 and save it for 2.5.2, since we're
already in rc status with 2.5.1.
That said, it's great functionality, and I'll go look over the patches now.
Thanks!
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list