
parser, libapparmor: Support multiple policy cache directories

Move the policy cache directory from <cacheloc>/cache/ to
<cacheloc>/cache.d/<features_id>/ where <features_id> is a unique
identifier for a set of aa_features. This allows multiple AppArmor
policy caches to exist on a system. Each policy cache will uniquely
correspond to a specific set of AppArmor kernel features. This means
that a system can reboot into a number of different kernels and the
parser will select the existing policy cache that matches each kernel's
set of AppArmor features.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks
2017-11-02 18:20:26 +00:00
committed by John Johansen
parent 8d9c904174
commit 1f36505f3e
3 changed files with 97 additions and 20 deletions


@@ -101,6 +101,7 @@ struct timespec cache_tstamp, mru_policy_tstamp;
static char *apparmorfs = NULL;
static char *cacheloc = NULL;
static char *cachedir = NULL;
static bool print_cache_dir = false;
static aa_features *features = NULL;
@@ -1121,7 +1122,7 @@ int main(int argc, char *argv[])
print_cache_dir || force_clear_cache) {
uint16_t max_caches = write_cache && cond_clear_cache ? 1 : 0;
if (!cacheloc && asprintf(&cacheloc, "%s/cache", basedir) == -1) {
if (!cacheloc && asprintf(&cacheloc, "%s/cache.d", basedir) == -1) {
PERROR(_("Memory allocation error."));
return 1;
}
@@ -1162,6 +1163,14 @@ int main(int argc, char *argv[])
write_cache = 0;
skip_read_cache = 1;
} else {
cachedir = aa_policy_cache_dir_path(policy_cache);
if (!cachedir) {
PERROR("Policy cache disabled: Cannot locate the policy cache directory: %m\n");
write_cache = 0;
skip_read_cache = 1;
}
}
}
@@ -1192,7 +1201,7 @@ int main(int argc, char *argv[])
memset(&cb_data, 0, sizeof(struct dir_cb_data));
cb_data.dirname = profilename;
cb_data.cachedir = cacheloc;
cb_data.cachedir = cachedir;
cb_data.kernel_interface = kernel_interface;
cb = binary_input ? binary_dir_cb : profile_dir_cb;
if ((retval = dirat_for_each(AT_FDCWD, profilename,
@@ -1206,7 +1215,7 @@ int main(int argc, char *argv[])
handle_work_result);
} else {
work_spawn(process_profile(option, kernel_interface,
profilename, cacheloc),
profilename, cachedir),
handle_work_result);
}