Ubuntu
apparmor package

specifying -O to parser causes the parser to not consider cache files

Bug #1385947 reported by Jamie Strandboge
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Confirmed
Medium
Unassigned
apparmor (Ubuntu)
Fix Released
Medium
Jamie Strandboge
apparmor (Ubuntu RTM)
Fix Released
Critical
Jamie Strandboge

Bug Description

If the cache files are up to date and I specify:
/sbin/apparmor_parser --write-cache --replace --cache-loc=/var/cache/apparmor -- profile1 profile2 ...

then the cache files in /var/cache/apparmor are used (good).

However, if the cache files are up to date and I specify:
/sbin/apparmor_parser --write-cache --replace --cache-loc=/var/cache/apparmor -O no-expr-simplify -- profile1 profile2 ...

then the cache files in /var/cache/apparmor are all regenerated (not good). This needs to be fixed in order to use '-O no-expr-simplify' to fix bug #1383858.

Related branches

lp:ubuntu/vivid/apparmor
Jamie Strandboge (jdstrand)
Changed in apparmor:
status: New → Confirmed
importance: Undecided → Medium
Changed in apparmor (Ubuntu RTM):
status: New → Confirmed
Changed in apparmor (Ubuntu):
status: New → Confirmed
Changed in apparmor (Ubuntu RTM):
importance: Undecided → Critical
Revision history for this message
John Johansen (jjohansen) wrote :

So this is working as designed, when you explicitly override the Optimization flags it is assumed that you will not want the old compile.

There are a couple of ways to properly fix this
1. Store the compile options used with the cache, and compare them at the start of a compile, to determine whether or not to skip using the cache.

2. add a new flag to indicate that the implied skip cache shouldn't be used. This is easier but some what hacky.

A third option is open to Ubuntu, to use a distro patch (I don't think this will be taken upstream, at least not with out discussion) to remove forcing optimization options to skip the cache. This is the easiest and the patch to do so is attached

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "foo.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks John. For now I'll use this patch and we can discuss if we want to do something different upstream as we have time.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

In thinking about this a little, it seems that if optimization flags can be set in parser.conf to change the defaults, then use of '-O' shouldn't force skipping reading of the cache. Perhaps it would make sense to apply this patch but also to adjust the man page to state something long the lines of "if specifying '-O' on the command line, it probably makes sense to also specify '--skip-read-cache'".

Revision history for this message
John Johansen (jjohansen) wrote :

Sticking it the parser.conf also counts as overriding because the set of flags used during compile are currently not stored (basically anything different than the default binary behavior is treated as different).

The proper long term fix is to store this information off so that the parser can detect compile option changes.

Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: Confirmed → Fix Committed
Changed in apparmor (Ubuntu RTM):
status: Confirmed → In Progress
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.98-0ubuntu3

---------------
apparmor (2.8.98-0ubuntu3) vivid; urgency=medium

  * debian/lib/apparmor/functions: disable expr tree simplification for
    /var/lib/apparmor/profiles (LP: #1383858)
  * parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
    cache when specifying '-O' (LP: #1385947)
 -- Jamie Strandboge <email address hidden> Tue, 28 Oct 2014 17:41:08 -0500

Changed in apparmor (Ubuntu):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand)
tags: added: rtm14 touch-2014-10-28
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.96~2652-0ubuntu5.3

---------------
apparmor (2.8.96~2652-0ubuntu5.3) 14.09; urgency=medium

  * debian/lib/apparmor/functions: disable expr tree simplification for
    /var/lib/apparmor/profiles (LP: #1383858)
  * parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
    cache when specifying '-O' (LP: #1385947)
  * 10-lp1371771.patch, 11-lp1371765.patch: refresh for the above
 -- Jamie Strandboge <email address hidden> Mon, 27 Oct 2014 07:13:42 -0500

Changed in apparmor (Ubuntu RTM):
status: In Progress → Fix Released
Christian Boltz (cboltz)
tags: added: aa-parser
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.