Comment 7 for bug 1856256

Bill F (bill-f-666) wrote :

Ok, less sleepy than expected.

> Are you seeing cache messages being logged?
No, but then we weren't passing any flags to apparmor_parser aside from -r, and the only option we had enabled in parser.conf was: Optimize=no-expr-simplify. FWIW, I did try running apparmor_parser with cache-logging flags on a non-production host (with generally similar config to the host from the incident described in my OP), and it indicated cache misses (via STDOUT) for each of the apache subprofiles...but there weren't any "same as current profile, skipping" messages, so I'm not convinced these ended up on the same codepaths.

> Would you be willing to add a flag to parser.conf that would log more info about caching of the compile?
Absolutely -- in fact, I plan to do so! But to be clear, the host on which the original incident occurred is not the kind of host where I could run apparmor_parser just for the sake of collecting telemetry...so no guarantees regarding the timing of the next AA parser run (on that particular host).

> Does the exact same $profile_name get logged multiple times? If so this would indicate userspace is swamping the kernel with multiple replacement requests when not necessary.
Nope! Each profile is logged exactly once, and the order in which they are logged is lexicographic. That is, the logs look like this:

${time1} operation="profile_replace" info="same as current profile, skipping" logged for profile "a"
${time1_plus10_seconds} operation="profile_replace" info="same as current profile, skipping" logged for profile "b"
${time1_plus20_seconds} operation="profile_replace" info="same as current profile, skipping" logged for profile "c"
...
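As an added example (not from the reporter or the AppArmor project), a small check for the question above: run over kernel audit STATUS records in their real format, it reports whether any one profile name was sent to the kernel more than once, whether the load order is lexicographic, and the gap between consecutive records. The sample records, profile names and timestamps are constructed.

```python
import re
from collections import Counter

# Matches the kernel's AppArmor STATUS audit record, e.g.
#   audit(1576000000.100:501): apparmor="STATUS" operation="profile_replace" info="..." name="a" ...
# Only the needed fields are captured; info= is absent on a real (non-skipped) replace.
AUDIT_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):\d+\).*?apparmor="STATUS"'
    r'.*?operation="(?P<op>[^"]+)"'
    r'(?:.*?info="(?P<info>[^"]+)")?'
    r'.*?name="(?P<name>[^"]+)"'
)
SKIP_INFO = "same as current profile, skipping"

def parse_status_records(lines):
    """Yield (timestamp, operation, info, profile name) for each STATUS record."""
    for line in lines:
        m = AUDIT_RE.search(line)
        if m:
            yield float(m.group("ts")), m.group("op"), m.group("info") or "", m.group("name")

def analyze_profile_replace(lines):
    """Per-name counts, names skipped as unchanged, names sent more than once, load order, gaps."""
    counts, skipped, order, stamps = Counter(), Counter(), [], []
    for ts, op, info, name in parse_status_records(lines):
        if op != "profile_replace":
            continue
        counts[name] += 1
        if info == SKIP_INFO:
            skipped[name] += 1
        if name not in order:
            order.append(name)
        stamps.append(ts)
    return {
        "counts": dict(counts),
        "skipped": dict(skipped),
        "repeated": sorted(n for n, c in counts.items() if c > 1),   # userspace re-sent these
        "lexicographic": order == sorted(order),
        "gaps": [round(b - a, 3) for a, b in zip(stamps, stamps[1:])],
    }

# Constructed sample (not the reporter's data): a, b, c skipped ten seconds apart,
# then d replaced twice in quick succession.
SAMPLE_LOG = """\
audit: type=1400 audit(1576000000.100:501): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="a" pid=4242 comm="apparmor_parser"
audit: type=1400 audit(1576000010.100:502): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="b" pid=4242 comm="apparmor_parser"
audit: type=1400 audit(1576000020.100:503): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="c" pid=4242 comm="apparmor_parser"
audit: type=1400 audit(1576000030.100:504): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="d" pid=4242 comm="apparmor_parser"
audit: type=1400 audit(1576000030.150:505): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="d" pid=4243 comm="apparmor_parser"
"""
```

Feed it the output of `journalctl -k` or the audit log on the affected host to see whether the "skipping" records are one-per-profile (as described) or a name is being replaced repeatedly.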