Click Apparmor

Merge lp:~jdstrand/click-apparmor/lp1383858 into lp:click-apparmor

  1. lp1383858
  2. Merge into trunk
Proposed by Jamie Strandboge
Status: Merged
Approved by: Jamie Strandboge
Approved revision: 125
Merged at revision: 125
Proposed branch: lp:~jdstrand/click-apparmor/lp1383858
Merge into: lp:click-apparmor
Diff against target: 30 lines (+10/-0)
2 files modified
aa-clickhook (+3/-0)
debian/changelog (+7/-0)
To merge this branch: bzr merge lp:~jdstrand/click-apparmor/lp1383858
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+239225@code.launchpad.net

Description of the change

aa-clickhook: disable expr tree simplification when calling the parser since this considerably slows down click policy compiles (LP: #1383858).

Installing click-appamor and python3-apparmor-click show that profiles are being loaded with the added option:

$ ps auxww|grep apparmor_parser
root 29828 0.0 0.2 34808 21520 pts/45 R+ 12:00 0:00 /sbin/apparmor_parser -r --write-cache -O no-expr-simplify --cache-loc=/var/cache/apparmor /var/lib/apparmor/profiles/click_com.ubuntu.developer.jdstrand.applicationlifecycleapp_ApplicationLifecycleApp_0.1

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

This patch looks good to me, thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'aa-clickhook'
--- aa-clickhook 2014-10-07 14:32:06 +0000
+++ aa-clickhook 2014-10-22 16:05:18 +0000
@@ -151,8 +151,11 @@
151 warn("AppArmor not available when processing AppArmor hook")151 warn("AppArmor not available when processing AppArmor hook")
152152
153 if is_available:153 if is_available:
154 # LP: #1383858 - expr tree simplification is too slow for click policy
155 # so disable it for now
154 click.load_profiles(load_profiles,156 click.load_profiles(load_profiles,
155 args=['-r', '--write-cache',157 args=['-r', '--write-cache',
158 '-O', 'no-expr-simplify',
156 '--cache-loc=%s' % apparmor_cache])159 '--cache-loc=%s' % apparmor_cache])
157160
158 # missing_clicks has the profile filename so we need to find the161 # missing_clicks has the profile filename so we need to find the
159162
=== modified file 'debian/changelog'
--- debian/changelog 2014-10-07 18:35:58 +0000
+++ debian/changelog 2014-10-22 16:05:18 +0000
@@ -1,3 +1,10 @@
1click-apparmor (0.2.11.1+rtm1) 14.09; urgency=medium
2
3 * aa-clickhook: disable expr tree simplification when calling the parser
4 since this considerably slows down click policy compiles (LP: #1383858)
5
6 -- Jamie Strandboge <jamie@ubuntu.com> Wed, 22 Oct 2014 11:39:55 -0400
7
1click-apparmor (0.2.11.1) utopic; urgency=medium8click-apparmor (0.2.11.1) utopic; urgency=medium
29
3 * aa-clickhook: don't remove the lock file so we can properly handle 3 or10 * aa-clickhook: don't remove the lock file so we can properly handle 3 or

Subscribers

People subscribed via source and target branches