Comment 3 for bug 1848567
Revision history for this message
| John Johansen (jjohansen) wrote Re: autogenerated per-snap snap-update-ns apparmor profile may contain many duplicate rules causing excessive parser memory usage | #3 |
The apparmor_parser does a dedup pass and a simplification pass before state machine build and minimization.
Unfortunately the parser is not applying dedup to the mount rules, and the simplification pass is disabled.
-O expr-simplify: 2.45s RSS: 151.3 MB
-O no-expr-simplify 3.24s RSS: 1.2 GB
The reported difference between sorted/uniqued can be fixed by fixing the dedup pass for mount rules.