Upon further investigation, python3-apparmor-click and python3-apparmor-easyprof both use shutil.move() to put a temp file into place. shutil.move() will use os.rename() if the files reside on the same file, but will use shutil.copy2() followed by an unlink otherwise. Since the tempfile.mkstemp() in both cases does not specify to use a different temp directory (i.e., dir=None), these files will be created in /tmp, which is a tmpfs on devices (verified on mako), therefore the shutil.move() is not atomic. This confirms that utilizing a blocking lock file will prevent at least some forms of races and corruption. We could adjust the mkstemp() call to use the same filesystem, however, that would result in unexpected behavior when two aa-clickhooks are run at the same time (i.e., both would think they did everything correctly but each could have missed something).
--
https://bugs.launchpad.net/bugs/1377338

Title:
  apparmor may fail to load some profiles if one is corrupted

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “click-apparmor” package in Ubuntu:
  In Progress
Status in “click-apparmor” package in Ubuntu RTM:
  In Progress

Bug description:
  Steps to reproduce (on the emulator):
  1. sudo sh -c 'echo foo > /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638'
  2. sudo start apparmor ACTION=teardown
  3. sudo start apparmor
     start: Job failed to start
  4. sudo aa-status|egrep '^ '|grep -v '('| sort -u > /tmp/aa-status.music_bad
  5. sudo rm -f /var/lib/apparmor/profiles/click_com.ubuntu.music_music_1.3.638
  6. sudo aa-clickhook # regenerates the missing profile to have a good one
  7. sudo start apparmor ACTION=teardown
  8. sudo start apparmor
  9. sudo aa-status|egrep '^ '|grep -v '('| sort -u > /tmp/aa-status.music_good
  10. diff -Naur /tmp/aa-status.music_bad /tmp/aa-status.music_good

  --- /tmp/aa-status.music_bad 2014-10-03 22:47:52.890906744 +0000
  +++ /tmp/aa-status.music_good 2014-10-03 22:49:54.372739381 +0000
  @@ -13,6 +13,10 @@
    com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter_1.0.18//oxide_helper
    com.ubuntu.developer.webapps.webapp-twitter_webapp-twitter-helper_1.0.18
    com.ubuntu.dropping-letters_dropping-letters_0.1.2.2.66
  + com.ubuntu.music_music_1.3.638
  + com.ubuntu.shorts_shorts_0.2.330
  + com.ubuntu.sudoku_sudoku_1.1.292
  + com.ubuntu.weather_weather_1.1.374
    lxc-container-default
    lxc-container-default-with-mounting
    lxc-container-default-with-nesting

  Expected results: only com.ubuntu.music_music_1.3.638 should be missing.
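
The two mitigations discussed in the comment above (a blocking lock file, and a temp file created on the destination's filesystem so the final rename is atomic), combined in an added example. This is not code from click-apparmor or apparmor-easyprof; the function names, the lock path and the `.tmp-` prefix are hypothetical.

```python
import fcntl
import os
import tempfile
from contextlib import contextmanager


@contextmanager
def blocking_lock(lock_path):
    """Hold an exclusive flock; a second concurrent caller blocks until release."""
    fd = os.open(lock_path, os.O_CREAT | os.O_RDWR, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)  # blocks while another process holds the lock
        yield
    finally:
        fcntl.flock(fd, fcntl.LOCK_UN)
        os.close(fd)


def same_filesystem(path_a, path_b):
    """os.rename() is only atomic when both paths live on the same device."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev


def write_profile(dest, data, lock_path):
    """Replace dest so a reader sees the old file or the new one, never a partial one."""
    dest_dir = os.path.dirname(os.path.abspath(dest))
    with blocking_lock(lock_path):
        # dir=dest_dir keeps the temp file off /tmp (the dir=None default),
        # which may be a tmpfs on a different device than dest.
        fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".tmp-")
        try:
            with os.fdopen(fd, "w") as f:
                f.write(data)
                f.flush()
                os.fsync(f.fileno())  # data is on disk before it becomes visible
            if not same_filesystem(tmp, dest_dir):
                raise OSError("temp file is on another filesystem; rename not atomic")
            os.replace(tmp, dest)  # rename(2): atomic within one filesystem
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)  # never leave a partial temp file behind
            raise
    return dest
```

The lock serializes whole hook runs, which addresses the concern that two simultaneous runs could each believe they succeeded; the same-directory temp file only guarantees that no reader ever sees a truncated profile.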