** Changed in: snappy/15.04
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when
** Changed in: snappy/15.04
Status: Fix Released = Fix Committed
** Changed in: snappy/15.04
Milestone: 15.04.1 = 15.04.2
** Changed in: snappy
Status: Fix Committed = Fix Released
** Changed in: apparmor (Ubuntu)
Status: New = Fix Released
--
You received this bug
** Branch linked: lp:ubuntu/wily-proposed/ubuntu-core-config
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when apparmor.d
** Changed in: snappy
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when apparmor.d
Tentative backport of patch for 2.9 (note it only needs a single patch)
** Patch added: foo.diff
https://bugs.launchpad.net/snappy/+bug/1460152/+attachment/4415266/+files/foo.diff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
sorry, yes. I have been poking at what is the best/minimum backport of
this
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when
I looked into backporting this, but it seems to be not entirely
straightforward as the code layout changed and the changed file are not
available in 2.9 it seems. So this needs some work beyond just applying
the patch.
--
You received this bug notification because you are a member of Ubuntu
I'm in favour of (1) too but lets wait until the snappy point release is
done. I add a trello card so that its not forgotten.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Changed in: snappy/15.04
Status: Fix Committed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when
Let's land on wily, test and then make push to our PPA (so we can also
test it there, and also revert the workaround), we can include this at
our next stable release :-)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
This is fine for wily. We'll want to backport this to other releases, but we'll
need to be careful wrt 15.04 because touch is about to release their
15.04-based OTA and if we push this to vivid-updates, then it will trigger a
policy recompile on touch. As such, I think for now we should either:
Michael,
I have a patch (well two actually), and they just need further review
and testing. I also have a partial hashing patch that if needed could be
finished in a few hours, and add native hashing (if we go this route we
could make the hash selectable, so something fast like lookup3 could be
@all I just verified that a 15.04/stable - 15.04/edge upgrade works and
that the caches are regenerated. So the workaround works.
@John I started with the mtime approach in my proof of concept patch. So
if you guys are too busy I can try to expand it to cover the includes as
well (it does not
second patch
** Patch added:
0002-Set-cache-file-tstamp-to-the-mtime-of-most-recent-po.patch
https://bugs.launchpad.net/snappy/+bug/1460152/+attachment/4411427/+files/0002-Set-cache-file-tstamp-to-the-mtime-of-most-recent-po.patch
--
You received this bug notification because you are a
@John Yay! The patches look great, thanks a lot! I leave the decision on
hashing vs mtime to you/the security team. For me the mtime approach is
good enough (unless I miss some failure case that is relatively easy to
trigger, it seems it covers all but the most pathological cases) and it
will
@John Yay! The patches look great, thanks a lot! I leave the decision on
hashing vs mtime to you/the security team. For me the mtime approach is
good enough (unless I miss some failure case that is relatively easy to
trigger, it seems it covers all but the most pathological cases) and it
will
I added a different approach that adds hashes next to the cached files
so that we can compare if hash(profile) == hash(cache) and if not re-
generate.
** Branch linked: lp:~mvo/ubuntu/vivid/ubuntu-core-
config/lp1460152-workaround
--
You received this bug notification because you are a member
FYI, the hash approach is slow for the normal case since we always have
to perform an sum. Furthermore it doesn't take into account #include'd
files that might also change (eg, apparmor is updated and has a
different base abstraction). For the workaround, I guess it is ok since
the slowdown will
Yes the apparmor_parser should set the mtime of the cache file to be the
most recent mtime timestamp of the set of policy files that resulted in
the cache files creation. This is something we have been meaning to do
for a long time but just never gotten around to it because there always
something
** Branch linked: lp:~mvo/snappy/snappy-lp1460152-workaround
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when apparmor.d
This should be fixed with image r76, the cache files are generated on
the server now just like touch is doing it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
** Changed in: snappy/15.04
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when
I looked into this some more as I was confused why this works on the
distro. And it turns out that the dh_apparmor cache re-generates the
cache on install time.
I would really prefer if apparmor could handle this differently, I
attach a (ugly) proof of concept patch with what I have in mind. My
Ricardo pointed out that we need to consider the features file (just
like touch).
** Changed in: snappy/15.04
Status: Fix Committed = In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1460152
Title:
apparmor cache not updated when apparmor.d rules change (breaks
15.04/stable -
** Changed in: snappy
Assignee: (unassigned) = Michael Vogt (mvo)
** Changed in: snappy/15.04
Assignee: (unassigned) = Michael Vogt (mvo)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
26 matches
Mail list logo
