[apparmor] [PATCH 1/2] Add an option to allow setting the cache's location.

Seth Arnold seth.arnold at gmail.com
Mon Jan 9 09:17:34 UTC 2012 

This looks great to me John, thanks!
-----Original Message-----
From: John Johansen <john.johansen at canonical.com>
Date: Sun, 08 Jan 2012 18:48:47 
To: <seth.arnold at gmail.com>
Cc: <apparmor at lists.ubuntu.com>
Subject: Re: [apparmor] [PATCH 1/2] Add an option to allow setting the cache's
 location.

On 01/06/2012 10:54 AM, John Johansen wrote:
> On 01/06/2012 10:40 AM, Seth Arnold wrote:
>> I think this will perform badly if the cache_loc isn't set somewhere.
> Indeed that part of the patch seems to have been dropped :-/
> 
>  It also seems strange to append /cache/ to the end of the string -- if it is configured for /run/apparmor_cache it'll expand to /run/apparmor_cache/cache. I think, if specified, it should be the exact directory used.
>>
> yeah that makes sense
> 

How about this?

---

From 24a05ed7f3726f61a4cc326f453389da12a776dd Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Tue, 3 Jan 2012 04:23:44 -0800
Subject: [PATCH] Add an option to allow setting the cache's location.

Currently the cache location is fixed and links are needed to move it.
Add an option that can be set in the apparmor_parser.conf file so distros
can locate the cache where ever makes sense for them.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/apparmor_parser.pod |   19 ++++++++++++-------
 parser/parser_main.c       |   16 ++++++++++++++--
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/parser/apparmor_parser.pod b/parser/apparmor_parser.pod
index cff59d6..1a083de 100644
--- a/parser/apparmor_parser.pod
+++ b/parser/apparmor_parser.pod
@@ -127,16 +127,21 @@ Perform no caching at all: disables -W, implies -T.
 
 =item -T, --skip-read-cache
 
-By default, if a profile's cache is found in /etc/apparmor.d/cache/ and
-the timestamp is newer than the profile, it will be loaded from the cache.
-This option disables this cache loading behavior.
+By default, if a profile's cache is found in the location specified by
+--cache-loc and the timestamp is newer than the profile, it will be loaded
+from the cache. This option disables this cache loading behavior.
 
 =item -W, --write-cache
 
-Write out cached profiles to /etc/apparmor.d/cache/.  Off by default.
-In cases where abstractions have been changed, and the parser is running
-with "--replace", it may make sense to also use "--skip-read-cache" with
-the "--write-cache" option.
+Write out cached profiles to the location specified in --cache-loc.  Off
+by default. In cases where abstractions have been changed, and the parser
+is running with "--replace", it may make sense to also use
+"--skip-read-cache" with the "--write-cache" option.
+
+=item -L, --cache-loc
+
+Set the location of the cache directory.  If not specified the cache location
+defaults to /etc/apparmor.d/cache
 
 =item -Q, --skip-kernel-load
 
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 721582d..e98e1cf 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -76,6 +76,7 @@ struct timespec mru_tstamp;
 
 char *match_string = NULL;
 char *flags_string = NULL;
+char *cacheloc = NULL;
 
 /* per-profile settings */
 int force_complain = 0;
@@ -106,6 +107,7 @@ struct option long_options[] = {
 	{"skip-read-cache",	0, 0, 'T'},
 	{"write-cache",		0, 0, 'W'},
 	{"show-cache",		0, 0, 'k'},
+	{"cache-loc",		1, 0, 'L'},
 	{"debug",		0, 0, 'd'},
 	{"dump",		1, 0, 'D'},
 	{"Dump",		1, 0, 'D'},
@@ -147,6 +149,7 @@ static void display_usage(char *command)
 	       "-K, --skip-cache	Do not attempt to load or save cached profiles\n"
 	       "-T, --skip-read-cache	Do not attempt to load cached profiles\n"
 	       "-W, --write-cache	Save cached profile (force with -T)\n"
+	       "-L, --cache-loc n	Set the location of the profile cache\n"
 	       "-q, --quiet		Don't emit warnings\n"
 	       "-v, --verbose		Show profile names as they load\n"
 	       "-Q, --skip-kernel-load	Do everything except loading into kernel\n"
@@ -522,6 +525,9 @@ static int process_arg(int c, char *optarg)
 	case 'T':
 		skip_read_cache = 1;
 		break;
+	case 'L':
+		cacheloc = strdup(optarg);
+		break;
 	case 'Q':
 		kernel_load = 0;
 		break;
@@ -928,8 +934,14 @@ int process_profile(int option, char *profilename)
 	 */
 	if ((profilename && option != OPTION_REMOVE) && !force_complain &&
 	    !skip_cache) {
-		if (asprintf(&cachename, "%s/%s/%s", basedir, "cache", basename)<0) {
-			perror("asprintf");
+		if (cacheloc) {
+			cachename = strdup(cacheloc);
+			if (!cachename) {
+				PERROR(_("Memory allocation error."));
+				exit(1);
+			}
+		} else if (asprintf(&cachename, "%s/%s/%s", basedir, "cache", basename)<0) {
+			PERROR(_("Memory allocation error."));
 			exit(1);
 		}
 		/* Load a binary cache if it exists and is newest */
-- 
1.7.7.3

More information about the AppArmor mailing list