https://bugzilla.novell.com/show_bug.cgi?id=689458 https://bugzilla.novell.com/show_bug.cgi?id=689458#c7 John Johansen <jrjohansen@verizon.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jrjohansen@verizon.net --- Comment #7 from John Johansen <jrjohansen@verizon.net> 2011-10-05 21:15:50 UTC --- Jeff is right that a rewrite of that portion of the code is needed, and is in fact already underway. Depending on your policy this may or may not speed up your compile. There are also other compiler improvements that are being worked on. If anyone is interested in specifics they can ask on #apparmor on oftc.net or on the apparmor mailing list (apparmor@lists.ubuntu.com). But future improvements won't help the current situation. What can immediately is turning on of compiled policy caching. AppArmor will then use the precompiled policy, unless it detects it is out of date (using time stamps, and a few other cues much like make does). Currently caching is only done for the profiles it has been specified for. Ubuntu sets up caching as part of a package install, so if a profile is installed the precompiled profile is generated at that time. Currently precompiled policy is stored in /etc/apparmor.d/cache (Not the ideal place I know) For each compiled profile there will be a corresponding file in /etc/apparmor.d/cache/ eg. If there is a profile /etc/apparmor/bin.ping there will be a cache file /etc/apparmor/cache/bin.ping To generate a cache entry for a profile use apparmor_parser -QW <profile> The -W specifies to write out to the cache, -Q specifies not to load the profile at this time. You can drop the -Q if you want the profile to be loaded. Once the cache file has been generated, apparmor will that until it is detected as stale. When this happens it will recompile the profile, but not update the cache by default. It will be possible to set updating the cache as default behavior in apparmor 2.7, and SUSE may want to consider doing that. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.