apparmor_parser --show-cache writes "(null)" cache file for stdin

Bug #1787717 reported by Christian Boltz
This bug affects 1 person
Affects: AppArmor
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

I just noticed a funny behaviour of the parser:

# apparmor_parser --show-cache
Cache: added primary location '/var/cache/apparmor'
Warnung aus stdin (Zeile 1): Cache: added readonly location '/usr/share/apparmor/cache'
Warnung aus stdin (Zeile 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin
Cache miss: stdin
Wrote cache: /var/cache/apparmor/9b2cd0d0.0/(null)

(I pressed Ctrl-D when the parser waited for input)

# ls -l /var/cache/apparmor/9b2cd0d0.0/*null*
-rw------- 1 root root 0 1. Jan 1970 /var/cache/apparmor/9b2cd0d0.0/(null)

I'm not sure if it makes sense to write cache files for stdin - actually the parser already warns "cannot use or update cache ... via stdin".

Even if you really think writing cache for stdin makes sense, it's probably a good idea not to use "(null)" as filename ;-)

Tags: aa-parser
John Johansen (jjohansen) wrote :

Currently apparmor cannot use the cache for stdin because the cache file names are based on the policy file names, not the profiles in the file, as the profiles within the file are kept together as a single load unit.

It could be possible to add support for caching stdin via a content hashing mechanism.

John Johansen (jjohansen) wrote :

Oh, and (null) is not the cache file name; it is the null pointer to the cache file name. The parser should not be reporting that it wrote that.

Christian Boltz (cboltz) wrote :

"(null)" _is_ the cache file name, so the parser is correct in reporting that it wrote that cache file ;-)

# ls -l /var/cache/apparmor/9b2cd0d0.0/*null*
-rw------- 1 root root 0 1. Jan 1970 /var/cache/apparmor/9b2cd0d0.0/(null)

(empty file because I only pressed Ctrl-D, but I can easily produce a non-empty "(null)" cache file by entering a valid profile via stdin)
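
The two points raised in this thread (a NULL file name formatted through "%s" ends up on disk as "(null)", and stdin policy could be cached under a content hash) can be sketched together. This is an added example, not AppArmor parser code: build_cache_path, fnv1a64 and the "stdin-" prefix are hypothetical names, and FNV-1a is only a stand-in hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a 64-bit; non-cryptographic, stands in for whatever hash a real
 * implementation would choose (assumption of this example). */
static uint64_t fnv1a64(const unsigned char *p, size_t len)
{
    uint64_t h = 0xcbf29ce484222325ULL;   /* FNV offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;            /* FNV prime */
    }
    return h;
}

/* Hypothetical helper, not AppArmor code: build "<cache_dir>/<name>".
 * name == NULL models policy read from stdin. Instead of handing NULL to
 * "%s" (glibc prints the literal "(null)"), the name is derived from the
 * policy text. Returns 0 on success, -1 if no safe path can be built. */
int build_cache_path(const char *cache_dir, const char *name,
                     const unsigned char *policy, size_t policy_len,
                     char *out, size_t out_len)
{
    int n;

    if (!cache_dir || !out || out_len == 0)
        return -1;
    if (name) {
        /* a cache entry name must be a plain file name */
        if (!*name || strchr(name, '/') || !strcmp(name, ".") ||
            !strcmp(name, ".."))
            return -1;
        n = snprintf(out, out_len, "%s/%s", cache_dir, name);
    } else {
        if (!policy || policy_len == 0)
            return -1;  /* empty stdin (Ctrl-D): nothing to cache */
        n = snprintf(out, out_len, "%s/stdin-%016llx", cache_dir,
                     (unsigned long long)fnv1a64(policy, policy_len));
    }
    /* truncation is a failure, never a clipped path */
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}
```

A caller that gets -1 skips both the cache write and the "Wrote cache" message, so neither a "(null)" file nor a misleading log line is produced.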
