← Back to team overview

touch-packages team mailing list archive

[Bug 1371771] Re: premature exit if find corrupted cache files

 

This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5

---------------
apparmor (2.8.96~2652-0ubuntu5) utopic; urgency=medium

  [ Jamie Strandboge ]
  * sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
  * 10-lp1371771.patch: don't exit prematurely and fail to load remaining
    policy if encounter a corrupt cache file (LP: #1371771)
  * 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
    (LP: #1371765)
  * debian/lib/apparmor/functions:
    - don't return 0 on parsing failure. Patch thanks to Felix Geyer
      (LP: #1370228)
    - use xargs -n1 when we don't have cache files, but omit it when we do.
      This allows taking full advantage of xargs -P when we need it most,
      without the cost when we don't.

  [ Steve Beattie ]
  * update_socketpair_tests_for_af_unix.patch,
    fix_socketpair_tests.patch: update socketpair regression tests for
    af_unix socket mediation
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Mon, 22 Sep 2014 09:39:10 -0500

** Changed in: apparmor (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371771

Title:
  premature exit if find corrupted cache files

Status in “apparmor” package in Ubuntu:
  Fix Released

Bug description:
  2.8.96~2652-0ubuntu4 did this:
    * debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in
      foreach_configured_profile() when loading valid cache files. This used to
      be needed when apparmor_parser would generate different binary caches when
      compiling policy one profile at a time and all at once. That bug is long
      fixed and removing -n1 gives a significant performance improvement for
      boots with valid cache files (~65% on armhf)

  This is great except there is a parser bug that if there is a
  corrupted cache file, all further cache files fail to load. While it
  is unusual to have corrupted cache files, the damage is catastrophic
  if an early cache file is corrupt since all remaining policy fails to
  load and requires the user to manually delete the corrupted cache
  files. Fixing the premature exit will not address corrupt cache files,
  but will allow the remaining good cache files to load.

  Please see bug #1371765 on how to make cache usage more robust.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371771/+subscriptions


References