touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

Public bug reported:

AppArmor has several optimization options that can be used to help speed
up policy compiles for certain types of policy. Currently, we are using
expr tree simplification option by default, which has dramatic affects
on policy compiles for the evince profile. However, with click profiles
not using expr tree simplification (ie, adding the '-O no-expr-simplify'
option) can improve click policy generation by 44%.

The proper fix is to adjust expr tree simplification to not be more
efficient, however, in the short term we can adjust the apparmor upstart
job to use '-O no-expr-simplify' when compiling policy in
/var/lib/apparmor/profiles but leave /etc/apparmor.d alone. We can do
the same with click-apparmor.

** Affects: apparmor (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: click-apparmor (Ubuntu)
     Importance: High
         Status: Triaged

** Also affects: click-apparmor (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: apparmor (Ubuntu)
       Status: New => Triaged

** Changed in: click-apparmor (Ubuntu)
       Status: New => Triaged

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => High

** Changed in: click-apparmor (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1383858

Title:
  use 'no-expr-simplify' parser option for clicks

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “click-apparmor” package in Ubuntu:
  Triaged

Bug description:
  AppArmor has several optimization options that can be used to help
  speed up policy compiles for certain types of policy. Currently, we
  are using expr tree simplification option by default, which has
  dramatic affects on policy compiles for the evince profile. However,
  with click profiles not using expr tree simplification (ie, adding the
  '-O no-expr-simplify' option) can improve click policy generation by
  44%.

  The proper fix is to adjust expr tree simplification to not be more
  efficient, however, in the short term we can adjust the apparmor
  upstart job to use '-O no-expr-simplify' when compiling policy in
  /var/lib/apparmor/profiles but leave /etc/apparmor.d alone. We can do
  the same with click-apparmor.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1383858/+subscriptions