touch-packages team mailing list archive

Thread
Date

[Bug 1371765] Re: apparmor_parser should be able to recompile policy on bad cache

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1371765@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Sep 2014 22:48:57 -0000
Reply-to: Bug 1371765 <1371765@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5

---------------
apparmor (2.8.96~2652-0ubuntu5) utopic; urgency=medium

  [ Jamie Strandboge ]
  * sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
  * 10-lp1371771.patch: don't exit prematurely and fail to load remaining
    policy if encounter a corrupt cache file (LP: #1371771)
  * 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
    (LP: #1371765)
  * debian/lib/apparmor/functions:
    - don't return 0 on parsing failure. Patch thanks to Felix Geyer
      (LP: #1370228)
    - use xargs -n1 when we don't have cache files, but omit it when we do.
      This allows taking full advantage of xargs -P when we need it most,
      without the cost when we don't.

  [ Steve Beattie ]
  * update_socketpair_tests_for_af_unix.patch,
    fix_socketpair_tests.patch: update socketpair regression tests for
    af_unix socket mediation
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Mon, 22 Sep 2014 09:39:10 -0500

** Changed in: apparmor (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1371765

Title:
  apparmor_parser should be able to recompile policy on bad cache

Status in “apparmor” package in Ubuntu:
  Fix Released

Bug description:
  Right now, if given --cache-loc the parser will see if there is a
  cache file. If there isn't and --write-cache is used, the parser will
  compile the policy and put the binary cache in --cache-loc (fine). If
  there is a cache file, it will load the cache file (also fine). If the
  cache file is corrupt, the policy is not loaded into the kernel.

  Not loading the policy into the kernel may be fine for certain
  environments, but there should be an option on if the cache file is
  corrupt, to delete it, recompile the policy and write out a new cache
  file. This would be very worthwhile for Ubuntu's cache loading since
  there is no way to recover from a bad cache file without user
  intervention.

  Setting to 'High' with tags to indicate that we want to include this
  on shipping devices but that it can be delivered as OTA.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371765/+subscriptions

References

[Bug 1371765] [NEW] apparmor_parser should be able to recompile policy on bad cache
From: Jamie Strandboge, 2014-09-19