[apparmor] [PATCH 2/2] Disable caching when a namespace is specified

[John Johansen]

Profile loads when specifying namespaces currently conflict with caching.
If the profile (ignoring the specified namespace) is in the cache, then
the cached profile will be loaded, replacing the profile in the current
namespace instead of loading the profile to the new namespace.

Fix this by disabling caching when a namespace is specified, forcing the
profile to be compiled.

NOTE: this will not affect profiles loaded from within a namespace using
      either the same or a separate directory as the base to load a namespace
      from.  This only affects loading profiles directly into a child
      namespace.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser_main.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/parser/parser_main.c b/parser/parser_main.c
index 1aef616..b9465e7 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -926,6 +926,15 @@ int process_profile(int option, char *profilename)
 	if (retval != 0)
 		goto out;
 
+	/* Test to see if profile is for another namespace, if so disable
+	 * caching for now
+	 * TODO: Add support for caching profiles in an alternate namespace
+	 * TODO: Add support for embedded namespace defines if they aren't
+	 *       removed from the language.
+	 */
+	if (profile_namespace)
+		skip_cache = 1;
+
 	/* Do secondary test to see if cached binary profile is good,
 	 * instead of checking against a presupplied list of files
 	 * use the timestamps from the files that were parsed.
-- 
1.7.7.3