parser doesn't refresh cache if newer profile (installed from package) has timestamp older than the cache
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
New
|
Undecided
|
Unassigned | ||
Bug Description
The parser doesn't refresh the cache if newer profile (installed from a package) has a timestamp that is older than the cache file.
References: https:/
What probably happened is:
- Tuesday: existing profiles loaded, cache file written
- Wednesday: updated apparmor-profiles package installed (which was build on Monday)
Result: the updated profiles in the new apparmor-profile package are older (build date: Monday) than the cache files (written on Tuesday), so the parser happily uses the existing cache files (from the old profiles) instead of recompiling them from the new profiles.
Possible solution:
- set the cache timestamp to the timestamp of the newest file involved in a profile. That's probably easy and non-invasive, so it could be included in 2.9.1. There might still be corner cases left, but it should cover 99% of the problems.
- add a checksum of the profile and all includes in the cache file. That's the more invasive change, but guarantees that the cache always matches the profile.
| intrigeri (intrigeri) wrote | #1 |
Looks like https:/