[apparmor] [PATCH 2/2] Set cache file tstamp to the mtime of most recent policy file tstamps

[Christian Boltz]

Hello,

Am Samstag, 6. Juni 2015 schrieb John Johansen:
> On 06/06/2015 06:49 AM, Christian Boltz wrote:
> > Am Freitag, 5. Juni 2015 schrieb John Johansen:
> >> Currently the cache file has its mtime set to its creation time,
> >> but
> >> this can lead to cache issues when a policy file is updated
> >> separately from the cache file so that is possible a policy file is
> >> newer than the what the cache file was generated from but still
> >> fails
> >> the comparison because the generated cache file has a newer
> >> timestamp.
> > 
> > This avoids quite some packaging problems, thanks!
> > 
> > Bonus question: would it make sense to
> > 
> > a) [simple change] let the cache check look for the exact timestamp
> > 
> >    (maybe with +/- 1 second) instead of "cache is newer than all
> >    files involved in the profile"?
> 
> The exact check would fail for all but 1 file unless you stored the
> timestamps of all files in used in creating the cache. Well unless you
> changed the timestamps of all those files to be the same, which has
> its own problems.

I was of course thinking about using the timestamp of the newest 
involved file - same method as you use to determinate the cache file 
timestamp when writing the cache.

That said, ...

> > b) [more difficult change] store the timestamp (or even a checksum)
> > of> 
> >    all files involved in the profile/cache file?
> 
> I think storing a checksum or hash is the more likely solution. This
> wouldn't be too hard.

... this sounds like a much better solution :-)


Regards,

Christian Boltz
-- 
My "Irish" luck is fantastic, especially after a half-gallon
of Mexican Beer [Patrick Shanahan in opensuse-factory]