Comment 7 for bug 2025030
Revision history for this message
| Philip Meulengracht (the-meulengracht) wrote | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
On the encouragement from mvo, I made a small tool that can optimize a generated snapd apparmor profile. By using the profile from this bug, I can see almost 50% improvement in cpu time and memory time. It was just a small side-project while I was working.
https:/
Profile used (https:/
Before running the tool
User time (seconds): 6.73
Maximum resident set size (kbytes): 294408
After running the tool
Optimized profile here (https:/
User time (seconds): 3.56
Maximum resident set size (kbytes): 167712
Both times are run with "apparmor_parser -O no-expr-simplify". The tool is not that sophisticated and simply consolidates lines that match each other in permissions and wildcards to reduce the number of lines in the apparmor profile. It also only runs on lines starting with /sys/devices currently, but could be extended to others. The resulting profile is not extensively tested either, so take this with a grain of salt as well.
Maybe it's something that can be considered somewhere to increase performance?