Yes, kicking off a policy compile as part of an update should be
possible. It certainly is for .debs; I am not sure of the exact details
for click or snappy.

As mentioned above, this compile could even be done as a low-priority
background task so that the user update wouldn't pick up the cost.
Policy compiles are rather CPU-intensive, so it could cause stuttering,
but if the priority was low enough I don't think it would be much worse
than the delay in ramping up an idle, downclocked CPU.

Memory-wise, compiles tend to be in the 10-50 MB range, so not great but
not so bad that they should cause issues for anything but things like
browsers. If the OOM score was set so that the background compile was
killed before the foreground task, the worst you might see would be the
OOM causing a pause while it frees up some memory.

The policy compiles are done in such a way that killing the compiler
should not cause an issue: the updates are built in tmp and moved into
place only once complete, so that the worst that would happen if the
update was killed was the compile happening on next boot.

So yes, there are lots of options currently available to improve the
current experience.

-- 
https://bugs.launchpad.net/bugs/1350598

Title:
  AppArmor policy compile improvements
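
The three safeguards described in the comment above (low scheduling priority, an OOM score that makes the background job the first victim, and build-in-temp followed by a move into place) can be combined in one wrapper. This is an added example, not AppArmor's or Ubuntu's own code; the function name `background_build` and the `BUILD_OUT` variable are hypothetical, and it generalizes to any command that writes one output file.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of AppArmor).
# Usage: background_build DEST CMD [ARGS...]
# CMD must write its result to the path given in $BUILD_OUT.
background_build() {
    dest=$1
    shift
    destdir=$(dirname -- "$dest")

    # Stage next to the destination so the final mv is a rename(2) on the
    # same filesystem, which replaces DEST atomically.
    stage=$(mktemp -d "$destdir/.build.XXXXXX") || return 1

    (
        # Raise this subshell's OOM score so the kernel kills the
        # background job before any foreground task. Raising the value
        # needs no privilege; skip quietly where /proc is unavailable.
        if [ -w /proc/self/oom_score_adj ]; then
            echo 1000 > /proc/self/oom_score_adj 2>/dev/null || true
        fi
        # Lowest CPU priority; the child inherits the OOM score.
        BUILD_OUT="$stage/out" nice -n 19 "$@"
    ) && rc=0 || rc=$?

    if [ "$rc" -eq 0 ] && [ -f "$stage/out" ]; then
        # Only a complete result ever becomes visible at DEST.
        mv -f -- "$stage/out" "$dest"
    elif [ "$rc" -eq 0 ]; then
        rc=1    # command succeeded but produced no output file
    fi

    # A killed or failed build leaves DEST untouched; drop the partial file.
    rm -rf -- "$stage"
    return "$rc"
}
```

If the job is killed partway through, the previous file at DEST stays in place and the build can simply be retried later, for example on next boot.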
