force-complain symlink disables cache
Bug #1416319 reported by
Christian Boltz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| AppArmor |
New
|
Undecided
|
Unassigned | ||
Bug Description
If a force-complain symlink exists for a profile, the cache isn't used - which also means loading the profile takes much longer.
Current status (from John):
We are part of the way there.
The force complain flag is now stored as part of the version string at the start of a binary if the kernel supports the new version strings. This allows the force complain flag to be detected and caches properly handled. However the parser still retains the old flush cache if force complain logic, this needs to be modified to be used only if the kernel doesn't support the new version string OR if the stored policy is using the older version string.
To post a comment you must log in.
