In our discussion that we already had I've suggested how to fix it in code and I think this still is a valid approach to harden against whatever was causing it in the first place.
After initial creation the file is meant to stay as-is to allow users
to do customization e.g. special apparmor rules that only apply to
this particular guest.
Now while we conceptionally allow edits, we could argue that a 0-byte
file always surely is a consequence of an error and in that case
regenerate it as if it would not have been there.
Currently creation only happens within
/* create the profile from TEMPLATE */
if (ctl->cmd == 'c') {
But we could move that out to a function and call it here as well as
on the ctl->cmd == 'r' path IF the file does a) not exist or b) is of
size zero.
Thanks Ioanna for the bug.
In our discussion that we already had I've suggested how to fix it in code and I think this still is a valid approach to harden against whatever was causing it in the first place.
After initial creation the file is meant to stay as-is to allow users
to do customization e.g. special apparmor rules that only apply to
this particular guest.
Now while we conceptionally allow edits, we could argue that a 0-byte
file always surely is a consequence of an error and in that case
regenerate it as if it would not have been there.
Currently creation only happens within
/* create the profile from TEMPLATE */
if (ctl->cmd == 'c') {
But we could move that out to a function and call it here as well as
on the ctl->cmd == 'r' path IF the file does a) not exist or b) is of
size zero.