Hello, Am Mittwoch, 20. April 2016, 23:52:50 CEST schrieb John Johansen: ... > + help > + This option selects whether sha1 hashing of loaded policy > + is enabled by default. The generation of sha1 hashes for > + loaded policy provide system administrators a quick way > + to verify that policy in the kernel matches what is expected, > + however it can slow down policy load on some devices. In > + these cases policy hashing can be disabled by default and > + enabled only if needed.
I'm surprised that calculating some sha1 hashes brings a noticable slowdown ;-) Just curious - would it make sense to calculate the sha1 only when reading it from apparmorfs, instead of doing it at profile load time? (I'd guess that loading a profile happens more often than reading a sha1 from apparmorfs, and it would solve the "slow down load" part.) Regards, Christian Boltz -- TikiWiki ist eine sehr umfassende Sammlung von Sicherheitslücken, konzeptuellen Problemen und Performancekillern, die alles kann und nichts richtig. [Kristian Köhntopp auf http://blog.koehntopp.de/archives/2051-5-Jahre-Blogging.html]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
