mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-30 22:05:27 +00:00
libapparmor: Add support for overlaycache directories
Add the support to have the cache be able to search multiple locations so that the policy cache can be split into multiple locations and that there can be a local cache that can override preshipped caches. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
John Johansen
@@ -101,7 +101,6 @@ struct timespec cache_tstamp, mru_policy_tstamp;
|
||||
|
||||
static char *apparmorfs = NULL;
|
||||
static char *cacheloc = NULL;
|
||||
static char *cachedir = NULL;
|
||||
static bool print_cache_dir = false;
|
||||
|
||||
static aa_features *features = NULL;
|
||||
@@ -760,10 +759,11 @@ int test_for_dir_mode(const char *basename, const char *linkdir)
|
||||
}
|
||||
|
||||
int process_profile(int option, aa_kernel_interface *kernel_interface,
|
||||
const char *profilename, const char *cachedir)
|
||||
const char *profilename, aa_policy_cache *pc)
|
||||
{
|
||||
int retval = 0;
|
||||
autofree const char *cachename = NULL;
|
||||
autofree const char *writecachename = NULL;
|
||||
autofree const char *cachetmpname = NULL;
|
||||
autoclose int cachetmp = -1;
|
||||
const char *basename = NULL;
|
||||
@@ -803,9 +803,12 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
|
||||
}
|
||||
|
||||
/* setup cachename and tstamp */
|
||||
if (!force_complain && !skip_cache) {
|
||||
cachename = cache_filename(cachedir, basename);
|
||||
valid_read_cache(cachename);
|
||||
if (!force_complain && pc) {
|
||||
cachename = aa_policy_cache_filename(pc, basename);
|
||||
if (!cachename) {
|
||||
PERROR("Could not get cachename for '%s'\n", basename);
|
||||
} else
|
||||
valid_read_cache(cachename);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -837,8 +840,6 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
|
||||
if (!retval || skip_bad_cache_rebuild)
|
||||
return retval;
|
||||
}
|
||||
|
||||
cachetmp = setup_cache_tmp(&cachetmpname, cachename);
|
||||
}
|
||||
|
||||
if (show_cache)
|
||||
@@ -874,6 +875,18 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (pc && write_cache) {
|
||||
writecachename = cache_filename(pc, 0, basename);
|
||||
if (!writecachename) {
|
||||
PERROR("Cache write disabled: Cannot create cache file name '%s': %m\n", basename);
|
||||
write_cache = 0;
|
||||
}
|
||||
cachetmp = setup_cache_tmp(&cachetmpname, writecachename);
|
||||
if (cachetmp == -1) {
|
||||
PERROR("Cache write disabled: Cannot create setup tmp cache file '%s': %m\n", writecachename);
|
||||
write_cache = 0;
|
||||
}
|
||||
}
|
||||
/* cache file generated by load_policy */
|
||||
retval = load_policy(option, kernel_interface, cachetmp);
|
||||
if (retval == 0 && write_cache) {
|
||||
@@ -882,7 +895,7 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
|
||||
PERROR("Warning failed to create cache: %s\n",
|
||||
basename);
|
||||
} else {
|
||||
install_cache(cachetmpname, cachename);
|
||||
install_cache(cachetmpname, writecachename);
|
||||
}
|
||||
}
|
||||
out:
|
||||
@@ -1024,7 +1037,7 @@ static void setup_parallel_compile(void)
|
||||
struct dir_cb_data {
|
||||
aa_kernel_interface *kernel_interface;
|
||||
const char *dirname; /* name of the parent dir */
|
||||
const char *cachedir; /* path to the cache sub directory */
|
||||
aa_policy_cache *policy_cache; /* policy_cache to use */
|
||||
};
|
||||
|
||||
/* data - pointer to a dir_cb_data */
|
||||
@@ -1039,7 +1052,7 @@ static int profile_dir_cb(int dirfd unused, const char *name, struct stat *st,
|
||||
if (asprintf(&path, "%s/%s", cb_data->dirname, name) < 0)
|
||||
PERROR(_("Out of memory"));
|
||||
work_spawn(process_profile(option, cb_data->kernel_interface,
|
||||
path, cb_data->cachedir),
|
||||
path, cb_data->policy_cache),
|
||||
handle_work_result);
|
||||
}
|
||||
return rc;
|
||||
@@ -1163,14 +1176,6 @@ int main(int argc, char *argv[])
|
||||
|
||||
write_cache = 0;
|
||||
skip_read_cache = 1;
|
||||
} else {
|
||||
cachedir = aa_policy_cache_dir_path(policy_cache, 0);
|
||||
if (!cachedir) {
|
||||
PERROR("Policy cache disabled: Cannot locate the policy cache directory: %m\n");
|
||||
|
||||
write_cache = 0;
|
||||
skip_read_cache = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1201,7 +1206,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
memset(&cb_data, 0, sizeof(struct dir_cb_data));
|
||||
cb_data.dirname = profilename;
|
||||
cb_data.cachedir = cachedir;
|
||||
cb_data.policy_cache = policy_cache;
|
||||
cb_data.kernel_interface = kernel_interface;
|
||||
cb = binary_input ? binary_dir_cb : profile_dir_cb;
|
||||
if ((retval = dirat_for_each(AT_FDCWD, profilename,
|
||||
@@ -1215,7 +1220,7 @@ int main(int argc, char *argv[])
|
||||
handle_work_result);
|
||||
} else {
|
||||
work_spawn(process_profile(option, kernel_interface,
|
||||
profilename, cachedir),
|
||||
profilename, policy_cache),
|
||||
handle_work_result);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user