[apparmor] PATCH [1/2] have caching respect include time stamps
Kees Cook
kees.cook at canonical.com
Tue Sep 14 19:16:50 BST 2010
On Tue, Sep 14, 2010 at 03:54:36AM -0700, John Johansen wrote:
> This patch changes how cache validation is done, by moving it post
> parsing, and precompilation of policy. This allows finding the most
> recent text time stamp during parsing and this is then compared to
> the cache file time stamp.
>
> While this is slightly slower than the cache file check that only
> validated against the profile file it fixes the bug where abstraction
> updates do not cause the cache file to become invalid.
ACK, caching test passes with these changes. I will add more tests to
validate the new functionality.
> Nominated for 2.5.1
I take back my NAK, and leave it to Steve to decide. :)
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list