Made a test on 3.0.13 kernel with apparmor 2.6.1 utilities. Reloading one profile with 9486 HATs on dual core 3.06GHz intel E6600 (no load) with 4GB of ram takes only... _40 minutes_.
This is more than unusable :-/ Entire policy in txt files in 54MB. There is 1500 exactly the same hats for example with only hat name being different. This scheme occurs frequently in my policy, just with smaller values - like tons of 1-20 exactly the same hat-sets. -- You received this bug notification because you are a member of AppArmor Developers, which is the registrant for AppArmor. https://bugs.launchpad.net/bugs/590113 Title: parser takes very long time to reload profile Status in AppArmor Linux application security framework: New Bug description: I have a single policy with over 1300 hats. Reloading it takes over 3 min 30 s on 2 x Dual Core Opteron 2GHz, 6GB RAM with apparmor 2.5. The server is of course doing also other things than reloading policy but the load isn't anything big (it's like ~2). Policy attached. To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/590113/+subscriptions -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
