Summary from IRC discussion: This isn't sufficient yet as it will still need to regenerate the profiles at the beginning, due to the changing /tmp/adt-run.XXXX paths. It's also a bit ugly as this is supposed to be an internal implementation detail which I wouldn't like to expose for eternity in a command line option.
Alternative proposal: (1) apparmor_click() should become a no-op if /var/cache/apparmor/click-ap.rules already exists (http://paste.ubuntu.com/15335183/) (2) apparmor_restore_click() is already a no-op if apparmor_click() didn't do anything (no change needed) (3) add a setup script which sets a blanket /tmp/adt-run.*/** in the AppArmor policy, so that it works for any run This would keep the current "correct, but slow" behavior, avoids exposing the internals as CLI args, but if you choose to use the setup script once (either manually after you (re)install the phone, or via adt-run --setup-commands) then adt-run will not touch the apparmor profiles at all, and things should be fast. The script should look like this: ---------- 8< ----------------- cat <<EOF > /var/cache/apparmor/click-ap.rules dbus (receive, send) bus=session path=/com/canonical/Autopilot/**, /tmp/adt-run.** r, ---------- 8< ----------------- Omer, could you test the above patch and that setup script and make sure it DTRT? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553797 Title: Provide a way to Update AppArmor rules for click tests only once To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1553797/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
