[apparmor] [Patch] [Bug 731184] Re: apparmor_parser fails to consider its own time stamp when determining if profile cache is stale
John Johansen
john.johansen at canonical.com
Tue Mar 8 18:50:58 UTC 2011
If the apparmor_parser is updated (outside of current packaging), when
doing profile loads it will use the existing cache of compiled profiles,
instead of forcing a recompile on profiles.
This can cause apparmor to load bad policy if the parser contains a bug
fix for the previous version of the parser.
This can be worked around in packaging by invalidating the cache and
forcing a profile reload when the parser is upgraded.
=== modified file 'parser/parser_main.c'
--- parser/parser_main.c 2011-03-03 23:45:10 +0000
+++ parser/parser_main.c 2011-03-08 18:38:28 +0000
@@ -805,6 +805,7 @@
char * cachename = NULL;
char * cachetemp = NULL;
char *basename = NULL;
+ FILE *cmd;
/* per-profile states */
force_complain = opt_force_complain;
@@ -852,6 +853,12 @@
update_mru_tstamp(yyin);
}
+ cmd = fopen(progname, "r");
+ if (cmd) {
+ update_mru_tstamp(cmd);
+ fclose(cmd);
+ }
+
retval = yyparse();
if (retval != 0)
goto out;
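Review bot: the "if (cmd)" guard in the second hunk has no failure branch, so when fopen(progname, "r") fails the parser's own timestamp is silently left out of the staleness check and an older cache can still be used, which is the case this patch is meant to close. If progname holds the name the parser was invoked with rather than a full path, the open is resolved against the current directory and may fail or pick up an unrelated file; consider resolving the running binary's path before the open (on Linux, /proc/self/exe), and on failure either emit a warning or treat the cache as stale instead of continuing quietly.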