On Mon, Jun 15, 2015 at 12:10:29PM -0700, John Johansen wrote:
> 
> And the 2.9 version of this patch series. It is simpler because 2.9
> doesn't have the debug cache, and early tracking of the cache file
> that is in 2.10. It also doesn't have the ctime bug
> 
> ---
> 
> commit 14b91d4a60a942ded8c5a484ef2a737f3a2a2185
> Author: John Johansen <[email protected]>
> Date:   Mon Jun 15 12:05:35 2015 -0700
> 
>     Set cache file tstamp to the mtime of most recent policy file tstamp
>     
>     Currently the cache file has its mtime set at creation time, but this
>     can lead to cache issues when a policy file is updated separately from
>     the cache. This makes it possible for an update to ship a policy file
>     that is newer than the what the cache file was generated from, but
>     result in a cache hit because the cache file was local compiled after
>     the policy file was package into an update (this requires the update
>     to set the mtime of the file when locally installed to the mtime of
>     the file in its update archive but this is commonly done, especially
>     in image based updates).
>     
>     Signed-off-by: John Johansen <[email protected]>

Acked-by: Seth Arnold <[email protected]>

Thanks

> 
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 1d1cbe6..cd10a92 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -38,6 +38,8 @@
>  #include <sys/types.h>
>  #include <sys/stat.h>
>  #include <sys/apparmor.h>
> +#include <sys/time.h>
> +#include <utime.h>
>  
>  #include "lib.h"
>  #include "parser.h"
> @@ -873,17 +875,18 @@ static bool valid_cached_file_version(const char 
> *cachename)
>       return true;
>  }
>  
> -/* returns true if time is more recent than mru_tstamp */
> -#define mru_t_cmp(a) \
> -(((a).tv_sec == (mru_tstamp).tv_sec) ? \
> -  (a).tv_nsec > (mru_tstamp).tv_nsec : (a).tv_sec > (mru_tstamp).tv_sec)
> +#define tstamp_cmp(a, b)                                     \
> +  (((a).tv_sec == (b).tv_sec) ?                                      \
> +   ((a).tv_nsec - (b).tv_nsec) :                             \
> +   ((a).tv_sec - (b).tv_sec))
> +#define tstamp_is_null(a) ((a).tv_sec == 0 && (a).tv_nsec == 0)
>  
>  void update_mru_tstamp(FILE *file)
>  {
>       struct stat stat_file;
>       if (fstat(fileno(file), &stat_file))
>               return;
> -     if (mru_t_cmp(stat_file.st_mtim))
> +     if (tstamp_cmp(stat_file.st_mtim, mru_tstamp) > 0)
>               mru_tstamp = stat_file.st_mtim;
>  }
>  
> @@ -969,7 +972,8 @@ int process_profile(int option, const char *profilename)
>               /* Load a binary cache if it exists and is newest */
>               if (!skip_read_cache &&
>                   stat(cachename, &stat_bin) == 0 &&
> -                 stat_bin.st_size > 0 && (mru_t_cmp(stat_bin.st_mtim)) &&
> +                 stat_bin.st_size > 0 &&
> +                 (tstamp_cmp(mru_tstamp, stat_bin.st_mtim) < 0) &&
>                   valid_cached_file_version(cachename)) {
>                       if (show_cache)
>                               PERROR("Cache hit: %s\n", cachename);
> @@ -1037,6 +1041,12 @@ out:
>               }
>  
>               if (useable_cache) {
> +                     struct timeval t;
> +                     /* set the mtime of the cache file to the most newest
> +                      * mtime of policy files used to generate it
> +                      */
> +                     TIMESPEC_TO_TIMEVAL(&t, &mru_tstamp);
> +                     utimes(cachetemp, &t);
>                       if (rename(cachetemp, cachename) < 0) {
>                               pwarn("Warning failed to write cache: %s\n", 
> cachename);
>                               unlink(cachetemp);
> 
> 

Attachment: signature.asc
Description: Digital signature

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to