@Alex Murray <[email protected]> github action is good idea to optimise on the interface level and PR I open is trying to do that (though I have done it manually) But this has limitation as this optimisation can be done only per interface. Preprocessing the full profile has the potential to optimise cross-interfaces when multiple interfaces could define the same expression. But one can argue that apparmor_parser should have this as the first step before even parsing the profile, dummy dedupe and simplification of the profile before building the tree. it seems a lot cheaper as pre-processing step
On Tue, 4 Jul 2023 at 04:25, John Johansen <[email protected]> wrote: > so I think this is largely because the apparmor version snap is using is > not running rule deduplication on mount rules. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/2025030 > > Title: > apparmor_parser -O no-expr-simplify problematic > > Status in snapd: > In Progress > > Bug description: > There was a recent issue with a core refresh that caused breakage. > Upon further investigation it turns out that the apparmor_parser uses > an substantial of memory. > > Upon some more investigation it turns out that that -O no-expr- > simplify makes both time to compile and memory usage increase 10x. > Tested with 22.04 but I see the same ballpark results with 16.04: > > $ /usr/bin/time --verbose apparmor_parser -S > 2.59/profiles/snap.screenly-client.command-executor > /dev/null > Command being timed: "apparmor_parser -S > 2.59/profiles/snap.screenly-client.command-executor" > User time (seconds): 4.32 > Maximum resident set size (kbytes): 117392 > > $ /usr/bin/time --verbose apparmor_parser -O no-expr-simplify -S > 2.59/profiles/snap.screenly-client.command-executor > /dev/null > Command being timed: "apparmor_parser -O no-expr-simplify -S > 2.59/profiles/snap.screenly-client.command-executor" > User time (seconds): 40.64 > Maximum resident set size (kbytes): 1015816 > > Profile is attached. > > > It seems like we seriously need to consider dropping "-O > no-expr-simplify". > > For context: > https://bugs.launchpad.net/ubuntu-rtm/+source/apparmor/+bug/1383858 > is why it was added in the first place > > And some recent work to make things faster: > https://gitlab.com/apparmor/apparmor/-/merge_requests/711 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/snapd/+bug/2025030/+subscriptions > > -- You received this bug notification because you are a member of AppArmor Developers, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/2025030 Title: apparmor_parser -O no-expr-simplify problematic Status in snapd: In Progress Bug description: There was a recent issue with a core refresh that caused breakage. Upon further investigation it turns out that the apparmor_parser uses an substantial of memory. Upon some more investigation it turns out that that -O no-expr- simplify makes both time to compile and memory usage increase 10x. Tested with 22.04 but I see the same ballpark results with 16.04: $ /usr/bin/time --verbose apparmor_parser -S 2.59/profiles/snap.screenly-client.command-executor > /dev/null Command being timed: "apparmor_parser -S 2.59/profiles/snap.screenly-client.command-executor" User time (seconds): 4.32 Maximum resident set size (kbytes): 117392 $ /usr/bin/time --verbose apparmor_parser -O no-expr-simplify -S 2.59/profiles/snap.screenly-client.command-executor > /dev/null Command being timed: "apparmor_parser -O no-expr-simplify -S 2.59/profiles/snap.screenly-client.command-executor" User time (seconds): 40.64 Maximum resident set size (kbytes): 1015816 Profile is attached. It seems like we seriously need to consider dropping "-O no-expr-simplify". For context: https://bugs.launchpad.net/ubuntu-rtm/+source/apparmor/+bug/1383858 is why it was added in the first place And some recent work to make things faster: https://gitlab.com/apparmor/apparmor/-/merge_requests/711 To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/2025030/+subscriptions
