[apparmor] Policy cache
Seth Arnold
seth.arnold at gmail.com
Fri Nov 11 04:34:39 UTC 2011
On Thu, Nov 10, 2011 at 8:20 PM, John Johansen
<john.johansen at canonical.com> wrote:
>> If you really want, make it a config option - but please try to avoid
>> that AppArmor gets renamed to KAppArmor one day *eg*
>>
> ugh kAppArmor yuk
You'd rather have gAppArmor, with no configuration options at all? :)
> I missed faster boot time after a new kernel install. We can't
> currently just create cache for the new kernel being installed,
> because another package being installed might come along after and
> cause cache rebuilds based on the current kernel.
If you can figure out the binary version and features versions from a
kernel package, we could do the policy re-compiling out of
/etc/kernel/postinst.d/ to try to get some of them populated in a new
cache directory (presuming version and features cache directories)
_before_ reboot. nice nice ionice -c 3 /etc/init.d/apparmor recache &
could probably get a few rebuilt before a reboot.
More information about the AppArmor
mailing list