[apparmor] [PATCH] add caching tests to build
Kees Cook
kees at ubuntu.com
Tue Sep 14 19:42:26 BST 2010
On Tue, Sep 14, 2010 at 11:23:11AM -0700, Kees Cook wrote:
> On Tue, Sep 14, 2010 at 11:03:29AM -0700, Kees Cook wrote:
> > This adds the caching tests to the build, which requires effectively
> > reverting revno 1471 and fixes the root-cause (load_policy complaining that
> > the kernel file descriptor isn't open when kernel_load is false).
>
> Updated with debugging removed so it applies cleanly with John's caching
> updates.
>
> - if (fd < 0) {
> - if (kernel_load)
> - PERROR(_("Unable to open %s - %s\n"), filename,
> - strerror(errno));
> - else
> - PERROR(_("Unable to open output file - %s\n"),
> - strerror(errno));
> + if (kernel_load && fd < 0) {
> + PERROR(_("Unable to open %s - %s\n"), filename,
> + strerror(errno));
> error = -errno;
> goto exit;
> }
John pointed out this isn't quite right on IRC. I think this additional
patch corrects it:
=== modified file 'parser/parser_interface.c'
--- parser/parser_interface.c 2010-09-14 18:03:40 +0000
+++ parser/parser_interface.c 2010-09-14 18:40:42 +0000
@@ -748,7 +748,7 @@
break;
}
- if (kernel_load && fd < 0) {
+ if (fd < 0 && (kernel_load || OPTION_OFILE || OPTION_STDOUT)) {
PERROR(_("Unable to open %s - %s\n"), filename,
strerror(errno));
error = -errno;
--
Kees Cook
Ubuntu Security Team
More information about the AppArmor
mailing list