[apparmor] [PATCH 1/2] Use mtime instead of ctime for cache file

Steve Beattie steve at nxnw.org
Thu Jun 18 18:07:51 UTC 2015 

On Mon, Jun 15, 2015 at 12:10:29PM -0700, John Johansen wrote:
> And the 2.9 version of this patch series. It is simpler because 2.9
> doesn't have the debug cache, and early tracking of the cache file
> that is in 2.10. It also doesn't have the ctime bug
> 
> commit 14b91d4a60a942ded8c5a484ef2a737f3a2a2185
> Author: John Johansen <john.johansen at canonical.com>
> Date:   Mon Jun 15 12:05:35 2015 -0700
> 
>     Set cache file tstamp to the mtime of most recent policy file tstamp
>     
>     Currently the cache file has its mtime set at creation time, but this
>     can lead to cache issues when a policy file is updated separately from
>     the cache. This makes it possible for an update to ship a policy file
>     that is newer than the what the cache file was generated from, but
>     result in a cache hit because the cache file was local compiled after
>     the policy file was package into an update (this requires the update
>     to set the mtime of the file when locally installed to the mtime of
>     the file in its update archive but this is commonly done, especially
>     in image based updates).
>     
>     Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Steve Beattie <steve at nxnw.org>

.. with one minor grammatical change in a comment:

> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 1d1cbe6..cd10a92 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -1037,6 +1041,12 @@ out:
>  		}
>  
>  		if (useable_cache) {
> +			struct timeval t;
> +			/* set the mtime of the cache file to the most newest

s/most newest/newest/

> +			 * mtime of policy files used to generate it
> +			 */
> +			TIMESPEC_TO_TIMEVAL(&t, &mru_tstamp);
> +			utimes(cachetemp, &t);
>  			if (rename(cachetemp, cachename) < 0) {
>  				pwarn("Warning failed to write cache: %s\n", cachename);
>  				unlink(cachetemp);

Thanks!

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150618/1d3ff586/attachment.pgp>

More information about the AppArmor mailing list