On Mon, Jun 15, 2015 at 12:10:29PM -0700, John Johansen wrote: > > And the 2.9 version of this patch series. It is simpler because 2.9 > doesn't have the debug cache, and early tracking of the cache file > that is in 2.10. It also doesn't have the ctime bug > > --- > > commit 14b91d4a60a942ded8c5a484ef2a737f3a2a2185 > Author: John Johansen <[email protected]> > Date: Mon Jun 15 12:05:35 2015 -0700 > > Set cache file tstamp to the mtime of most recent policy file tstamp > > Currently the cache file has its mtime set at creation time, but this > can lead to cache issues when a policy file is updated separately from > the cache. This makes it possible for an update to ship a policy file > that is newer than the what the cache file was generated from, but > result in a cache hit because the cache file was local compiled after > the policy file was package into an update (this requires the update > to set the mtime of the file when locally installed to the mtime of > the file in its update archive but this is commonly done, especially > in image based updates). > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]> Thanks > > diff --git a/parser/parser_main.c b/parser/parser_main.c > index 1d1cbe6..cd10a92 100644 > --- a/parser/parser_main.c > +++ b/parser/parser_main.c > @@ -38,6 +38,8 @@ > #include <sys/types.h> > #include <sys/stat.h> > #include <sys/apparmor.h> > +#include <sys/time.h> > +#include <utime.h> > > #include "lib.h" > #include "parser.h" > @@ -873,17 +875,18 @@ static bool valid_cached_file_version(const char > *cachename) > return true; > } > > -/* returns true if time is more recent than mru_tstamp */ > -#define mru_t_cmp(a) \ > -(((a).tv_sec == (mru_tstamp).tv_sec) ? \ > - (a).tv_nsec > (mru_tstamp).tv_nsec : (a).tv_sec > (mru_tstamp).tv_sec) > +#define tstamp_cmp(a, b) \ > + (((a).tv_sec == (b).tv_sec) ? \ > + ((a).tv_nsec - (b).tv_nsec) : \ > + ((a).tv_sec - (b).tv_sec)) > +#define tstamp_is_null(a) ((a).tv_sec == 0 && (a).tv_nsec == 0) > > void update_mru_tstamp(FILE *file) > { > struct stat stat_file; > if (fstat(fileno(file), &stat_file)) > return; > - if (mru_t_cmp(stat_file.st_mtim)) > + if (tstamp_cmp(stat_file.st_mtim, mru_tstamp) > 0) > mru_tstamp = stat_file.st_mtim; > } > > @@ -969,7 +972,8 @@ int process_profile(int option, const char *profilename) > /* Load a binary cache if it exists and is newest */ > if (!skip_read_cache && > stat(cachename, &stat_bin) == 0 && > - stat_bin.st_size > 0 && (mru_t_cmp(stat_bin.st_mtim)) && > + stat_bin.st_size > 0 && > + (tstamp_cmp(mru_tstamp, stat_bin.st_mtim) < 0) && > valid_cached_file_version(cachename)) { > if (show_cache) > PERROR("Cache hit: %s\n", cachename); > @@ -1037,6 +1041,12 @@ out: > } > > if (useable_cache) { > + struct timeval t; > + /* set the mtime of the cache file to the most newest > + * mtime of policy files used to generate it > + */ > + TIMESPEC_TO_TIMEVAL(&t, &mru_tstamp); > + utimes(cachetemp, &t); > if (rename(cachetemp, cachename) < 0) { > pwarn("Warning failed to write cache: %s\n", > cachename); > unlink(cachetemp); > >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
