← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #28234

[Bug 1383858] Re: improve click apparmor policy times by using 'no-expr-simplify' parser option for click policy

  Thread PreviousDate PreviousThread Next 
** Summary changed:

- use 'no-expr-simplify' parser option for clicks
+ improve click apparmor policy times by using 'no-expr-simplify' parser option for click policy

** Changed in: apparmor (Ubuntu)
   Importance: High => Critical

** Changed in: click-apparmor (Ubuntu)
   Importance: High => Critical

** Changed in: click-apparmor (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: apparmor (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Tags added: rtm14

** Description changed:

  AppArmor has several optimization options that can be used to help speed
  up policy compiles for certain types of policy. Currently, we are using
  expr tree simplification option by default, which has dramatic affects
  on policy compiles for the evince profile. However, with click profiles
  not using expr tree simplification (ie, adding the '-O no-expr-simplify'
  option) can improve click policy generation by 44%.
  
- The proper fix is to adjust expr tree simplification to not be more
- efficient, however, in the short term we can adjust the apparmor upstart
- job to use '-O no-expr-simplify' when compiling policy in
- /var/lib/apparmor/profiles but leave /etc/apparmor.d alone. We can do
- the same with click-apparmor.
+ Short term for rtm is to to use '-O no-expr-simplify' when compiling
+ policy in /var/lib/apparmor/profiles but leave /etc/apparmor.d alone. We
+ can do the same with click-apparmor.
+ 
+ The long term fix is to adjust expr tree simplification to be more
+ efficient (at least as fast as without) and drop the '-O no-expr-
+ simplify' option.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click-apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1383858

Title:
  improve click apparmor policy times by using 'no-expr-simplify' parser
  option for click policy

Status in “apparmor” package in Ubuntu:
  Triaged
Status in “click-apparmor” package in Ubuntu:
  Triaged

Bug description:
  AppArmor has several optimization options that can be used to help
  speed up policy compiles for certain types of policy. Currently, we
  are using expr tree simplification option by default, which has
  dramatic affects on policy compiles for the evince profile. However,
  with click profiles not using expr tree simplification (ie, adding the
  '-O no-expr-simplify' option) can improve click policy generation by
  44%.

  Short term for rtm is to to use '-O no-expr-simplify' when compiling
  policy in /var/lib/apparmor/profiles but leave /etc/apparmor.d alone.
  We can do the same with click-apparmor.

  The long term fix is to adjust expr tree simplification to be more
  efficient (at least as fast as without) and drop the '-O no-expr-
  simplify' option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1383858/+subscriptions

References

  Thread PreviousDate PreviousThread Next