e) installation, size, load
Installing this bin:apparmor.d package on an Intel NUC with 8Gb of RAM
took 3 minutes.
While that was happening, 4 apparmor_parser processes were running, taking 100%
CPU each:
  PID USER  PR NI  VIRT   RES   SHR  S %CPU %MEM   TIME+ COMMAND
52519 root  20  0 35928 30432  2048  R 84.7  0.4 0:02.55 apparmor_parser
52521 root  20  0 32568 27104  2048  R 79.1  0.3 0:02.38 apparmor_parser
52525 root  20  0 26236 20704  2048  R 64.8  0.3 0:01.95 apparmor_parser
52527 root  20  0 25008 19552  2048  R 53.2  0.2 0:01.60 apparmor_parser
triggered by postinst:
51239 ? Ss 0:00 /bin/sh /lib/apparmor/apparmor.systemd reload
51248 ? S  0:00  \_ /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
52596 ? R  0:02      \_ /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
52611 ? R  0:01      \_ /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
52620 ? R  0:01      \_ /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
52626 ? R  0:00      \_ /sbin/apparmor_parser --write-cache --replace -- /etc/apparmor.d
These were always new processes, but in batches of 4.
In the end, that system had 2085 profiles loaded. What's the
short/medium term goal for this package? Who will install this? How are
these profiles going to be tested? And I guess the big question: given
this load/time/cpu issue, why not ship the profiles with each src
package in Ubuntu? Have the pros and cons been discussed somewhere?
--
https://bugs.launchpad.net/bugs/2121409
Title:
[FFE] add a new apparmor.d package containing several apparmor
profiles