[apparmor] [PATCH] local site-specific changes

Steve Beattie steve at nxnw.org
Fri Aug 13 16:13:36 BST 2010


On Fri, Aug 13, 2010 at 07:19:25AM -0700, Kees Cook wrote:
> On Fri, Aug 13, 2010 at 05:54:57AM -0700, Steve Beattie wrote:
> > Alas, all this doesn't lead to the usability improvements you might
> > think it does, as on reload, the parser doesn't detect that the local/
> > files have changed, the cached blob is reloaded, and whatever policy
> > issue the admin is trying to address remains unaddressed in the
> > policies currently loaded into the kernel.
> > 
> > I've filed LP: #617375 about the issue.
> 
> You've verified this? "reload" should throw away the cache unconditionally.
> If that's not happening, it's a regression in the init script. (It does
> this because the same problem exists for abstractions, etc)

Hrm, I thought I had, but in attempting to reproduce it, 'reload' does
properly flush the cache. Sigh.

I'll close the bug then, though we still ought to fix it so that the
parser is able to detect updated includes and regenerate policy only
where appropriate on a 'restart'.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
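
The include-aware freshness check that the message says the parser still lacks, sketched as an added example (not part of the original message and not AppArmor's own code). It assumes `#include <...>` names resolve against a single base directory and that each profile has one cache file compared by modification time; all file names are constructed.

```python
import os
import re
import tempfile

# Only the '#include <name>' form is handled in this sketch.
INCLUDE_RE = re.compile(r'^\s*#include\s+<([^>]+)>', re.MULTILINE)

def profile_inputs(profile, base_dir, seen=None):
    """Return the profile plus every file it includes, transitively."""
    seen = set() if seen is None else seen
    path = os.path.realpath(profile)
    # Skip files already visited (include cycles) and non-files (directories, missing).
    if path in seen or not os.path.isfile(path):
        return seen
    seen.add(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    for name in INCLUDE_RE.findall(text):
        profile_inputs(os.path.join(base_dir, name), base_dir, seen)
    return seen

def cache_is_stale(profile, cache_file, base_dir):
    """True when the cache is missing or older than any input file."""
    if not os.path.exists(cache_file):
        return True
    cached = os.stat(cache_file).st_mtime_ns
    return any(os.stat(p).st_mtime_ns > cached
               for p in profile_inputs(profile, base_dir))

def demo():
    """Constructed tree: a profile that includes a local/ override."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "local"))
        os.makedirs(os.path.join(d, "cache"))
        prof = os.path.join(d, "usr.bin.example")
        local = os.path.join(d, "local", "usr.bin.example")
        cache = os.path.join(d, "cache", "usr.bin.example")
        with open(prof, "w") as fh:
            fh.write("/usr/bin/example {\n  #include <local/usr.bin.example>\n}\n")
        for p in (local, cache):
            open(p, "w").close()
        # Give all three files the same timestamp: the cache is up to date.
        for p in (prof, local, cache):
            os.utime(p, ns=(1_000_000_000, 1_000_000_000))
        before = cache_is_stale(prof, cache, d)
        # Simulate the admin editing only the local/ file afterwards.
        os.utime(local, ns=(2_000_000_000, 2_000_000_000))
        return before, cache_is_stale(prof, cache, d)
```

A check that compared only the top-level profile against the cache would report the cache as fresh in the second case, which is the behaviour described in the quoted report.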