/snapd

dirs,interfaces/apparmor: remove unused apparmor cache entries #770

Merged
merged 6 commits into from Apr 1, 2016

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@zyga @niemeyer @jdstrand
@zyga
Contributor

zyga commented Mar 31, 2016

This branch ensures we remove entries from /var/cache/apparmor corresponding to removed apparmor profiles. We have to do this because apparmor_parser writes the cache but never removes it.

zyga added some commits Mar 31, 2016

@zyga
dirs: add variable for /var/cache/apparmor 
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
f78b722
@zyga
interfaces/apparmor: use variable for /var/cache/apparmor 
This patch just makes access to apparmor cache directory follow standard
directory variables so that upcoming support to apparmor cache removal
can be easily tested.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
c20773a
@zyga
interfaces/apparmor: add RemoveCachedProfile() 
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
6ac0edf
@zyga
interfaces/apparmor: remove cache when removing profile 
This patch ensures that we remove the apparmor cache file when removing
the profile text. The cache is written by apparmor_parser but is never
removed.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

Some checks were not successful

1 failing and 3 successful checks
@snappy-m-o
Integration tests — No test results found.
Details
@snappy-m-o
autopkgtest — Success No test results found.
Details
continuous-integration/travis-ci/pr — The Travis CI build passed
Details
coverage/coveralls — Coverage increased (+0.001%) to 76.587%
Details
493120d
interfaces/apparmor/apparmor_test.go
@@ -70,6 +73,22 @@ apparmor_parser output:
"--replace --write-cache -O no-expr-simplify --cache-loc=/var/cache/apparmor /path/to/snap.samba.smbd"})
@jdstrand

jdstrand Mar 31, 2016

Contributor

This context for the diff shows a hard-coded --cache-loc. Please adjust it and any other uses of --cache-loc. With those changes, LGTM.

@zyga

zyga Mar 31, 2016

Contributor

This is okay (in this case) because we don't divert the root directory. I can add the diversion to ensure we are indeed using the variable name.

interfaces/apparmor/backend.go
@@ -169,12 +169,14 @@ func reloadProfiles(profiles []string) error {
return nil
}
-func unloadProfiles(profiles []string) error {
+func unloadAndRemoveCachedProfiles(profiles []string) error {
@niemeyer

niemeyer Mar 31, 2016

Contributor

Let's please keep the original function name. The point is still to unload the profile. The fact we clean up the cache is an implementation detail of it.

@zyga

zyga Apr 1, 2016

Contributor

Done

interfaces/apparmor/backend_test.go
+ err = os.MkdirAll(dirs.AppArmorCacheDir, 0700)
+ c.Assert(err, IsNil)
+ // Mock away any real apparmor interaction
+ s.cmds = map[string]*testutil.MockCmd{
@niemeyer

niemeyer Mar 31, 2016

Contributor

Why do we need this map?

parser := testutil.MockCommand(c, "apparmor_parser" ...)

?

@niemeyer

niemeyer Mar 31, 2016

Contributor

Same for all equivalent entries below.

@zyga

zyga Apr 1, 2016

Contributor

We don't, it's just looks nicer to me to refer to a particular command as it appears on the shell rather than through a go variable name. I can get rid of it easily.

@zyga

zyga Apr 1, 2016

Contributor

Removed now

interfaces/apparmor/apparmor.go
@@ -49,6 +52,11 @@ func LoadProfile(fname string) error {
return nil
}
+// RemoveCachedProfile removes binary cache file from /var/cache/apparmor
+func RemoveCachedProfile(profile string) error {
+ return os.Remove(filepath.Join(dirs.AppArmorCacheDir, profile))
@niemeyer

niemeyer Mar 31, 2016

Contributor

Why isn't that being done inside UnloadProfile itself? This would make it the complement of LoadProfile, which writes the cache.

@zyga

zyga Apr 1, 2016

Contributor

Yeah, that makes sense. Done now.

@niemeyer
Contributor

niemeyer commented Mar 31, 2016

LGTM, but it feels like the logic might be simplified a bit in some cases, per inline comments.

zyga added some commits Apr 1, 2016

@zyga
intefaces/apparmor: unify UnloadProfile and RemoveCachedProfile 
This patch merges the two function so that LoadProfile is completely
undone by UnloadProfile. In addition, it is no longer an error for
UnloadProfile to not remove a missing cache entry (for whatever reason,
the cache might be missing and this should not be a problem).

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

All checks have passed

4 successful checks
@snappy-m-o
Integration tests — Success 62 tests run, 0 skipped, 0 failed.
Details
@snappy-m-o
autopkgtest — Success No test results found.
Details
continuous-integration/travis-ci/pr — The Travis CI build passed
Details
coverage/coveralls — Coverage decreased (-0.07%) to 76.515%
Details
43e96c9
@zyga
interfaces/apparmor: simplify mocking of apparmor_parser 
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

All checks have passed

4 successful checks
@snappy-m-o
Integration tests — Success 62 tests run, 0 skipped, 0 failed.
Details
@snappy-m-o
autopkgtest — Success No test results found.
Details
continuous-integration/travis-ci/pr — The Travis CI build passed
Details
coverage/coveralls — Coverage decreased (-0.06%) to 76.523%
Details
2d36de7

@zyga zyga merged commit baf26ec into snapcore:master Apr 1, 2016
2 of 4 checks passed

2 of 4 checks passed

Integration tests Started
Details
autopkgtest Triggered
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage decreased (-0.06%) to 76.523%
Details
interfaces/apparmor/backend_test.go
+ err = os.MkdirAll(dirs.AppArmorCacheDir, 0700)
+ c.Assert(err, IsNil)
+ // Mock away any real apparmor interaction
+ s.mockCmd = testutil.MockCommand(c, "apparmor_parser", fakeAppArmorParser)
@niemeyer

niemeyer Apr 1, 2016

Contributor

Which mock command? This should probably be s.parserCmd.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment