premature exit if find corrupted cache files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Fix Released
|
Critical
|
John Johansen |
Bug Description
2.8.96~
* debian/
foreach_
be needed when apparmor_parser would generate different binary caches when
compiling policy one profile at a time and all at once. That bug is long
fixed and removing -n1 gives a significant performance improvement for
boots with valid cache files (~65% on armhf)
This is great except there is a parser bug that if there is a corrupted cache file, all further cache files fail to load. While it is unusual to have corrupted cache files, the damage is catastrophic if an early cache file is corrupt since all remaining policy fails to load and requires the user to manually delete the corrupted cache files. Fixing the premature exit will not address corrupt cache files, but will allow the remaining good cache files to load.
Please see bug #1371765 on how to make cache usage more robust.
Related branches
Changed in apparmor (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Critical |
assignee: | nobody → John Johansen (jjohansen) |
tags: | added: rtm14 touch-2014-09-25 |
This bug was fixed in the package apparmor - 2.8.96~ 2652-0ubuntu5
--------------- 2652-0ubuntu5) utopic; urgency=medium
apparmor (2.8.96~
[ Jamie Strandboge ] helpers- updates. patch: update ubuntu-helpers for unix mediation lib/apparmor/ functions:
* sanitized-
* 10-lp1371771.patch: don't exit prematurely and fail to load remaining
policy if encounter a corrupt cache file (LP: #1371771)
* 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
(LP: #1371765)
* debian/
- don't return 0 on parsing failure. Patch thanks to Felix Geyer
(LP: #1370228)
- use xargs -n1 when we don't have cache files, but omit it when we do.
This allows taking full advantage of xargs -P when we need it most,
without the cost when we don't.
[ Steve Beattie ] socketpair_ tests_for_ af_unix. patch, socketpair_ tests.patch: update socketpair regression tests for
* update_
fix_
af_unix socket mediation
-- Jamie Strandboge <email address hidden> Mon, 22 Sep 2014 09:39:10 -0500