apparmor caching is not working which has severely regressed boot time

Bug #949891 reported by Marc Deslauriers on 2012-03-08
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
High
John Johansen
Precise
High
John Johansen

Bug Description

AppArmor added 30 seconds to the boot time between 2012-03-04 and 2012-03-06:

http://reports.qa.ubuntu.com/reports/boot-speed/acer-veriton-02/index.html

Related branches

Marc Deslauriers (mdeslaur) wrote :

Related to LP: #940362?

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu Precise):
importance: Undecided → High
milestone: none → ubuntu-12.04-beta-2
tags: added: rls-p-tracking
Jamie Strandboge (jdstrand) wrote :

This corresponds to the evince upload and is related to bug #940362 somewhat. Any time a profile changes or the kernel changes in a way that requires recompiling the profiles there is a one time performance cost of recompiling those profiles. evince in particular takes a long time to compile on some systems. We had to back out the minimization patch to workaround bug #940362, but even with minimization you would still have seen a significant spike (guessing here-- on same system it might have been 20-25 seconds).

We should be using binary caches now so that if the profile doesn't change and the kernel doesn't change then we don't have to recompile and we just load the profiles from cache. It looks like the 2.7.99 upload isn't updating the cache properly as I only see one profile in /etc/apparmor.d/cache, but we should have six.

Changed in apparmor (Ubuntu Precise):
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Attached is a test script to show the problem.

On 11.10:
$ sudo /tmp/949891.sh
Caching lightdm-guest-session: pass
Caching sbin.dhclient: pass
Caching usr.bin.evince: pass
Caching usr.bin.firefox: skipped
Caching usr.lib.telepathy: pass
Caching usr.sbin.cupsd: pass
Caching usr.sbin.tcpdump: pass

On 12.04:
$ sudo /tmp/949891.sh
Caching lightdm-guest-session: FAIL
Caching sbin.dhclient: FAIL
Caching usr.bin.evince: FAIL
Caching usr.bin.firefox: skipped
Caching usr.lib.telepathy: FAIL
Caching usr.sbin.cupsd: FAIL
Caching usr.sbin.rsyslogd: skipped
Caching usr.sbin.tcpdump: FAIL

Jamie Strandboge (jdstrand) wrote :

We have an apparmor upload planned and will incorporate a fix for this into it.

Changed in apparmor (Ubuntu Precise):
assignee: Jamie Strandboge (jdstrand) → John Johansen (jjohansen)
summary: - apparmor upload has severely regressed 2012-03-06 boot time
+ apparmor caching is not working which has severely regressed boot time
Jamie Strandboge (jdstrand) wrote :

John Johansen tells me that this bug is known and the upcoming patch series fixes it. So pending upstream review, our next apparmor upload will fix this.

Changed in apparmor (Ubuntu Precise):
assignee: John Johansen (jjohansen) → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Changed in apparmor (Ubuntu Precise):
assignee: Jamie Strandboge (jdstrand) → John Johansen (jjohansen)
tags: added: rls-mgr-p-tracking
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.7.100-0ubuntu1

---------------
apparmor (2.7.100-0ubuntu1) precise; urgency=low

  * New upstream bug fix release which fixes (in addition to other bugs):
    - LP: #940362
    - LP: #947617
    - LP: #949891
  * Drop the following patches, included upstream:
    - 0004-lp918879.patch
    - 0007-lp941506.patch
    - 0008-lp941503.patch
    - 0009-lp943161.patch
  * Drop the following patch, no longer required:
    - 0005-disable-minimization.patch
  * Rename 0006-lp941808.patch 0004-lp941808.patch
  * debian/patches/0001-add-chromium-browser.patch: update for additional
    denials with newer chromium-browser. (LP: #937723)
  * debian/put-all-profiles-in-complain-mode.sh: deal with existing flags
 -- Jamie Strandboge <email address hidden> Fri, 09 Mar 2012 06:56:48 -0600

Changed in apparmor (Ubuntu Precise):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments