[apparmor] [PATCH 01/31] change cache check so that debugging can see which file caused failure

Tyler Hicks tyhicks at canonical.com
Wed Dec 10 18:05:03 UTC 2014


On 2014-12-06 15:05:51, Christian Boltz wrote:
> Hello,
> 
> On Friday, 5 December 2014, Tyler Hicks wrote:
> > Currently the cache tracks the most recent timestamp of parsed files
> > and then compares that to the cache timestamp. This unfortunately
> > prevents the parser from being able to know which files caused the
> > cache check failure.
> > 
> > Rework the cache check so that there is a debug option, and that
> > the cache file timestamp is set first so that we can output
> > a debug message for each file that causes a cache check failure.
> 
> So you have the timestamp of the newest file that is involved in the 
> profile? Nice :-)
> 
> When writing the cache file, can you please set that timestamp on it?

Note that John wrote this patch. He handed me a pile of patches that he
had started on when he was working on moving the cache loading code into
libapparmor.

If I understand the commit message correctly, this patch simply checks
the timestamp of the cache file before starting to check the timestamp
of the profile and include files. That allows for a debug message to be
printed when an include file is discovered to be newer/older than the
cache file.

Modifying the way that cache files are created, by setting their
timestamp, is outside of the scope of this patch set. I think it is a
good feature to implement but it is not something that I'm willing to
entertain in this set of patches. Once the cache code is cleaned up and
moved to libapparmor, such a change should be relatively easy to make.

Tyler

> 
> That would reduce the risk to see
>     https://bugs.launchpad.net/apparmor/+bug/1392042
>     https://bugzilla.novell.com/show_bug.cgi?id=904620#c7
> a lot.
> 
> Including a checksum in the cache file would be even better, but that's 
> a bigger and more invasive patch - probably not something you want to include in 
> this patch series.
> 
> 
> Regards,
> 
> Christian Boltz
> -- 
> That could also have been said more briefly:
> | "Please don't use evolution anymore. It's not intended as a
> |  mailingprogramm, we're just riding around a little bit on our
> |  C-Compilers to find out how to break the rules."
> Yes, sir. Nice outlooks.      [Ratti in suse-linux]
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
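
The check described in the reply above (stat the cache file first, then compare each profile and include file against it so the offending file can be named), as an added example that is not part of the original message or the AppArmor source. The names `cache_is_fresh` and `make_file` are hypothetical, and only the "source newer than cache" direction is checked.

```c
/* Added example; function names are hypothetical, not AppArmor's code. */
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <utime.h>

/* Returns 1 if the cache is usable, 0 if it is missing or stale, -1 if a
 * source file cannot be stat'ed. *culprit is set to the first offending
 * file. mtimes are compared at one-second resolution (st_mtime). */
int cache_is_fresh(const char *cache, const char *const *srcs, size_t n,
                   int debug, const char **culprit)
{
    struct stat cst, sst;
    int fresh = 1;
    *culprit = NULL;
    /* Stat the cache first, so every source file can be judged against
     * it individually instead of only tracking the newest source mtime. */
    if (stat(cache, &cst) != 0) {
        if (debug)
            fprintf(stderr, "cache: '%s' is missing\n", cache);
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        if (stat(srcs[i], &sst) != 0) {
            *culprit = srcs[i];
            return -1;
        }
        if (sst.st_mtime > cst.st_mtime) {
            /* With debugging on, every stale file is reported. */
            if (debug)
                fprintf(stderr, "cache: '%s' is newer than '%s'\n",
                        srcs[i], cache);
            if (!*culprit)
                *culprit = srcs[i];
            fresh = 0;
        }
    }
    return fresh;
}

/* Helper for constructed sample input: create path with a chosen mtime. */
int make_file(const char *path, time_t mtime)
{
    struct utimbuf t = { .actime = mtime, .modtime = mtime };
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fclose(f);
    return utime(path, &t);
}
```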