Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

interfaces: clean system apparmor cache on core device (2.29) #4084

Merged
merged 4 commits into from Oct 27, 2017
Merged

interfaces: clean system apparmor cache on core device (2.29) #4084

merged 4 commits into from Oct 27, 2017

Conversation

mvo5
Copy link
Contributor

@mvo5 mvo5 commented Oct 27, 2017

Cherry-pick of #4060 to 2.29.

@mvo5
interfaces: clean system apparmor cache on core device
26f8a54 
The system apparmor cache relies on the mtime of the input files
and will only check for the newest mtime. However this is problematic
on rollbacks when we rollback to a core the mtime of the apparmor
files in the rollback core will be older so that apparmor cache
does not get updated. This means that on rollback of core we run
e.g. snap-confine with the appamor profile of the core we just
reverted from.

Ideally this would be fixed in apparmor itself, however as a short
term fix we can simply clean the cache (it usually contains just
sbin.dhclient and snap-confine anyway) and let apparmor rebuild
the cache dynamically.

See also
https://forum.snapcraft.io/t/core-snap-revert-issues-on-core-devices
@mvo5
address review feedback
883cf94
@mvo5
address review feedback
c0850f9
@mvo5
apparmor/backend_test.go: add missing assert() - thanks to jdstrand!
bbefec4
@mvo5 mvo5 added this to the 2.29 milestone Oct 27, 2017
@codecov-io
Copy link

codecov-io commented Oct 27, 2017
edited

Codecov Report

❗ No coverage uploaded for pull request base (release/2.29@a333a2c). Click here to learn what that means.
The diff coverage is 57.14%.

Impacted file tree graph

@@               Coverage Diff               @@
##             release/2.29    #4084   +/-   ##
===============================================
  Coverage                ?   75.79%           
===============================================
  Files                   ?      433           
  Lines                   ?    37187           
  Branches                ?        0           
===============================================
  Hits                    ?    28185           
  Misses                  ?     7029           
  Partials                ?     1973
Impacted Files Coverage Δ
interfaces/apparmor/backend.go 70.17% <57.14%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a333a2c...bbefec4. Read the comment docs.

@mvo5 mvo5 merged commit 1b7c7bf into snapcore:release/2.29 Oct 27, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.29
2 participants
@mvo5 @codecov-io