Add an option to allow setting the cache's location.

Currently the cache location is fixed and links are needed to move it. Add an option that can be set in the apparmor_parser.conf file so distros can locate the cache where ever makes sense for them. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
2025-09-02 07:15:18 +00:00 · 2012-01-11 17:25:18 +01:00
parent 7031a91aec
commit 5fdf33c689
2 changed files with 26 additions and 9 deletions
--- a/parser/apparmor_parser.pod
+++ b/parser/apparmor_parser.pod
@@ -127,16 +127,21 @@ Perform no caching at all: disables -W, implies -T.
 =item -T, --skip-read-cache
-By default, if a profile's cache is found in /etc/apparmor.d/cache/ and
+By default, if a profile's cache is found in the location specified by
-the timestamp is newer than the profile, it will be loaded from the cache.
+--cache-loc and the timestamp is newer than the profile, it will be loaded
-This option disables this cache loading behavior.
+from the cache. This option disables this cache loading behavior.
 =item -W, --write-cache
-Write out cached profiles to /etc/apparmor.d/cache/.  Off by default.
+Write out cached profiles to the location specified in --cache-loc.  Off
-In cases where abstractions have been changed, and the parser is running
+by default. In cases where abstractions have been changed, and the parser
-with "--replace", it may make sense to also use "--skip-read-cache" with
+is running with "--replace", it may make sense to also use
-the "--write-cache" option.
+"--skip-read-cache" with the "--write-cache" option.
 =item -L, --cache-loc
 Set the location of the cache directory.  If not specified the cache location
 defaults to /etc/apparmor.d/cache
 =item -Q, --skip-kernel-load
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -76,6 +76,7 @@ struct timespec mru_tstamp;
 char *match_string = NULL;
 char *flags_string = NULL;
 char *cacheloc = NULL;
 /* per-profile settings */
 int force_complain = 0;
@@ -106,6 +107,7 @@ struct option long_options[] = {
 	{"skip-read-cache",	0, 0, 'T'},
 	{"write-cache",		0, 0, 'W'},
 	{"show-cache",		0, 0, 'k'},
 	{"cache-loc",		1, 0, 'L'},
 	{"debug",		0, 0, 'd'},
 	{"dump",		1, 0, 'D'},
 	{"Dump",		1, 0, 'D'},
@@ -147,6 +149,7 @@ static void display_usage(char *command)
 	       "-K, --skip-cache	Do not attempt to load or save cached profiles\n"
 	       "-T, --skip-read-cache	Do not attempt to load cached profiles\n"
 	       "-W, --write-cache	Save cached profile (force with -T)\n"
 	       "-L, --cache-loc n	Set the location of the profile cache\n"
 	       "-q, --quiet		Don't emit warnings\n"
 	       "-v, --verbose		Show profile names as they load\n"
 	       "-Q, --skip-kernel-load	Do everything except loading into kernel\n"
@@ -522,6 +525,9 @@ static int process_arg(int c, char *optarg)
 	case 'T':
 		skip_read_cache = 1;
 		break;
 	case 'L':
 		cacheloc = strdup(optarg);
 		break;
 	case 'Q':
 		kernel_load = 0;
 		break;
@@ -928,8 +934,14 @@ int process_profile(int option, char *profilename)
 	 */
 	if ((profilename && option != OPTION_REMOVE) && !force_complain &&
 	    !skip_cache) {
-		if (asprintf(&cachename, "%s/%s/%s", basedir, "cache", basename)<0) {
+		if (cacheloc) {
-			perror("asprintf");
+			cachename = strdup(cacheloc);
 			if (!cachename) {
 				PERROR(_("Memory allocation error."));
 				exit(1);
 			}
 		} else if (asprintf(&cachename, "%s/%s/%s", basedir, "cache", basename)<0) {
 			PERROR(_("Memory allocation error."));
 			exit(1);
 		}
 		/* Load a binary cache if it exists and is newest */