First boot slow after profile change
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
Apparently, after a change is made to an apparmor profile, the first boot of the phone after an update is really slow because all profiles for all applications are compiled up-front, and that process is slow.
This current affects our ability to make a simple change:
https:/
This situation isn't great. If the concern about the boot speed is so large that it prevents us from structuring our software they way we need it, we have things the wrong way around, IMO.
Would it be possible to make the compilation process faster instead? For example, compile the profiles lazily, when an application is first started, instead of doing it all up-front? Or maybe simply make the tool faster?
Changed in apparmor-easyprof-ubuntu (Ubuntu): | |
status: | New → Confirmed |
affects: | apparmor-easyprof-ubuntu (Ubuntu) → apparmor (Ubuntu) |
The duplicate status is not wrong but the information in that bug is dense. Please read it for a more in depth answer
1. a simple change does not necessarily cause all policy to be recompiled. Only policy that is dependent on the change is recompiled.
2. Yes policy compilation can be sped up. There have been a steady stream of improvements, but the low hanging fruit has been fixed. So do not expect dramatic improvements any time soon.
3. Policy compile does not have to be done at boot, it can be done at update time or when an application is launched, and for policy that is part of a system update on the server as part of the image build. However moving compile to application launch time would slow down application launch further which is already considered slow.