Merge lp:~mvo/snappy/snappy-lp1460152-workaround into lp:~snappy-dev/snappy/snappy-moved-to-github
Status: | Work in progress |
---|---|
Proposed branch: | lp:~mvo/snappy/snappy-lp1460152-workaround |
Merge into: | lp:~snappy-dev/snappy/snappy-moved-to-github |
Diff against target: |
157 lines (+78/-6) 5 files modified
helpers/helpers.go (+17/-0) helpers/helpers_test.go (+11/-1) snappy/dirs.go (+4/-0) snappy/systemimage.go (+16/-5) snappy/systemimage_test.go (+30/-0) |
To merge this branch: | bzr merge lp:~mvo/snappy/snappy-lp1460152-workaround |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ricardo Salveti (community) | Needs Information | ||
Review via email: mp+261144@code.launchpad.net |
Commit message
This branch adds a workaround for LP: #1460152 to prevent that the
apparmor profile and cache get out of sync.
Description of the change
This branch adds a workaround for LP: #1460152 to prevent that the
apparmor profile and cache get out of sync.
Unmerged revisions
- 486. By Michael Vogt
-
Remove /etc/apparmor.
d/cache/ * on upgrade to workaround lp1460152 This works around the issue that the way apparmor creates the cache
is based on the mtime of the profile. So if the mtime of the profile
is older than the mtime of the cache file the cache is not re-generated.This is a problem because:
- boot stable, /etc/apparmor.d/cache/ usr.bin. ubuntu- core-launcher is mtime of now because we generate the cache on boot
- upgrade to edge, /etc/apparmor.d/usr.bin. ubuntu- core-launcher is updated and has the mtime of T (yesterday) when the file was put into the package
- on the next reboot the apparmor_parser compares the mtime of the cache/usr.bin.ubuntu- core-launcher (very very recent) with the mtime of the souce usr.bin. ubuntu- core-launcher (much older)
-> cache does is *not* re-generateThe real fix is IMO that apparmor adds the mtime of the profile into
the header of the cache file (or makes the mtime of the cache file)
the mtime of the profile and re-generated if they get out of sync
(instead of checking for newer).
I linked the bug, we can add a task for a proper implementation.