parser doesn't refresh cache if newer profile (installed from package) has timestamp older than the cache
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
New
|
Undecided
|
Unassigned |
Bug Description
The parser doesn't refresh the cache if newer profile (installed from a package) has a timestamp that is older than the cache file.
References: https:/
What probably happened is:
- Tuesday: existing profiles loaded, cache file written
- Wednesday: updated apparmor-profiles package installed (which was build on Monday)
Result: the updated profiles in the new apparmor-profile package are older (build date: Monday) than the cache files (written on Tuesday), so the parser happily uses the existing cache files (from the old profiles) instead of recompiling them from the new profiles.
Possible solution:
- set the cache timestamp to the timestamp of the newest file involved in a profile. That's probably easy and non-invasive, so it could be included in 2.9.1. There might still be corner cases left, but it should cover 99% of the problems.
- add a checksum of the profile and all includes in the cache file. That's the more invasive change, but guarantees that the cache always matches the profile.
Looks like https:/ /bugs.launchpad .net/ubuntu/ +source/ apparmor/ +bug/1350673, for which Ubuntu now has a workaround.