Public bug reported: 2.8.96~2652-0ubuntu4 did this: * debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in foreach_configured_profile() when loading valid cache files. This used to be needed when apparmor_parser would generate different binary caches when compiling policy one profile at a time and all at once. That bug is long fixed and removing -n1 gives a significant performance improvement for boots with valid cache files (~65% on armhf)
This is great except there is a parser bug that if there is a corrupted cache file, all further cache files fail to load. While it is unusual to have corrupted cache files, the damage is catastrophic if an early cache file is corrupt since all remaining policy fails to load and requires the user to manually delete the corrupted cache files. Fixing the premature exit will not address corrupt cache files, but will allow the remaining good cache files to load. Please see bug #1371765 on how to make cache usage more robust. ** Affects: apparmor (Ubuntu) Importance: Critical Assignee: John Johansen (jjohansen) Status: In Progress ** Tags: rtm14 touch-2014-09-25 ** Changed in: apparmor (Ubuntu) Status: New => In Progress ** Changed in: apparmor (Ubuntu) Importance: Undecided => Critical ** Changed in: apparmor (Ubuntu) Assignee: (unassigned) => John Johansen (jjohansen) ** Tags added: rtm14 touch-2014-09-25 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1371771 Title: premature exit if find corrupted cache files Status in “apparmor” package in Ubuntu: In Progress Bug description: 2.8.96~2652-0ubuntu4 did this: * debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in foreach_configured_profile() when loading valid cache files. This used to be needed when apparmor_parser would generate different binary caches when compiling policy one profile at a time and all at once. That bug is long fixed and removing -n1 gives a significant performance improvement for boots with valid cache files (~65% on armhf) This is great except there is a parser bug that if there is a corrupted cache file, all further cache files fail to load. While it is unusual to have corrupted cache files, the damage is catastrophic if an early cache file is corrupt since all remaining policy fails to load and requires the user to manually delete the corrupted cache files. Fixing the premature exit will not address corrupt cache files, but will allow the remaining good cache files to load. Please see bug #1371765 on how to make cache usage more robust. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1371771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp