On the encouragement from mvo, I made a small tool that can optimize a generated snapd apparmor profile. By using the profile from this bug, I can see almost 50% improvement in cpu time and memory time. It was just a small side-project while I was working.
User time (seconds): 3.56
Maximum resident set size (kbytes): 167712
Both times are run with "apparmor_parser -O no-expr-simplify". The tool is not that sophisticated and simply consolidates lines that match each other in permissions and wildcards to reduce the number of lines in the apparmor profile. It also only runs on lines starting with /sys/devices currently, but could be extended to others. The resulting profile is not extensively tested either, so take this with a grain of salt as well.
Maybe it's something that can be considered somewhere to increase performance?
On the encouragement from mvo, I made a small tool that can optimize a generated snapd apparmor profile. By using the profile from this bug, I can see almost 50% improvement in cpu time and memory time. It was just a small side-project while I was working.
https:/ /github. com/Meulengrach t/aa-preprocess
Profile used (https:/ /launchpadlibra rian.net/ 674087996/ snap.screenly- client. command- executor)
Before running the tool
User time (seconds): 6.73
Maximum resident set size (kbytes): 294408
After running the tool /paste. ubuntu. com/p/GCt6j4zrz W/)
Optimized profile here (https:/
User time (seconds): 3.56
Maximum resident set size (kbytes): 167712
Both times are run with "apparmor_parser -O no-expr-simplify". The tool is not that sophisticated and simply consolidates lines that match each other in permissions and wildcards to reduce the number of lines in the apparmor profile. It also only runs on lines starting with /sys/devices currently, but could be extended to others. The resulting profile is not extensively tested either, so take this with a grain of salt as well.
Maybe it's something that can be considered somewhere to increase performance?