Policy cache file mtimes are not being set correctly

Bug #1484178 reported by Tyler Hicks on 2015-08-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Critical
Tyler Hicks
apparmor (Ubuntu)
Critical
Jamie Strandboge

Bug Description

Oliver Grawert (ogra) reported that Ubuntu Touch image builds were failing due to incorrect timestamps on pre-compiled policy cache files.

Starting in AppArmor 2.10, the policy cache file's mtime was meant to be updated to be equal to the newest mtime detected
on the profile and abstraction files used to generate the policy cache file:

  http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3079

That change was not correct and resulted in the mtime of the policy cache file to either not be updated (equal to the policy cache file creation time) or to be updated to an incorrect time.

Tyler Hicks (tyhicks) on 2015-08-12
Changed in apparmor (Ubuntu):
importance: Undecided → Critical
status: New → Confirmed
Tyler Hicks (tyhicks) wrote :

Fixed with r3220

Changed in apparmor:
status: In Progress → Fix Committed
Tyler Hicks (tyhicks) on 2015-08-13
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.10-0ubuntu3

---------------
apparmor (2.10-0ubuntu3) wily; urgency=medium

  * debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
    that resulted in the mtime of generate policy cache files to be set
    incorrectly. The mtime of cache files should be the newest mtime detected
    on the profile and abstraction files used to generate the policy cache
    file. However, the bug caused the mtime of the policy cache file to either
    not be updated or to be updated to an incorrect time. (LP: #1484178)
  * debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
    that the policy cache file's mtime is being set correctly and that cache
    handling is correct when the profile or abstraction files are newer than
    the policy cache file.
  * debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
    debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
    caching tests to run on the buildds even though apparmorfs isn't mounted.

 -- Tyler Hicks <email address hidden> Wed, 12 Aug 2015 13:01:56 -0500

Changed in apparmor (Ubuntu):
status: Confirmed → Fix Released
Christian Boltz (cboltz) wrote :

This was already fixed in AppArmor 2.10.1

Changed in apparmor:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers