pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
130681d7f5
apparmor/apparmor-enable-profile-cache.diff
Christian Boltz 2cd05a8c5f Accepting request 598826 from home:cboltz 
- create and package precompiled cache (/usr/share/apparmor/cache,
  read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
  new btrfs layout, the only reason for using /var/lib/apparmor/cache/
  (which was "it's part of the / subvolume") is gone, and /var/cache
  makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
  cache locations
- clear cache also in %post of abstractions package

OBS-URL: https://build.opensuse.org/request/show/598826
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=208
2018-04-19 23:21:57 +00:00

47 lines
1.4 KiB
Diff
Raw Blame History

Enable caching of profiles.
This speeds up loading the (unchanged) profiles about 20 times.
Upstream doesn't enable caching because the cache directory is not
writeable at the time profiles are loaded in Ubuntu.
See also bnc#689458
Also set the cache location to /var/cache/apparmor/ (writeable) and
/usr/share/apparmor/cache/ (packaged precompiled cache), and adjust
the mount requirements in apparmor.service accordingly.
See boo#1069906 and boo#1074429
Signed-off by: Christian Boltz <apparmor@cboltz.de>
Index: parser/parser.conf
===================================================================
--- parser/parser.conf_ORIG 2018-04-19 22:47:18.485179998 +0200
+++ parser/parser.conf 2018-04-19 22:51:12.084588654 +0200
@@ -31,7 +31,10 @@
# match-string "pattern=aadfa audit perms=crwxamlk/ user::other"
## Turn creating/updating of the cache on by default
-#write-cache
+write-cache
+
+# cache location (cache writes go to the first directory in the list)
+cache-loc /var/cache/apparmor,/usr/share/apparmor/cache
## Show cache hits
#show-cache
--- parser/apparmor.service_ORIG 2018-04-19 22:58:12.631443321 +0200
+++ parser/apparmor.service 2018-04-19 22:58:47.903343044 +0200
@@ -4,7 +4,7 @@ DefaultDependencies=no
Before=sysinit.target
After=systemd-journald-audit.socket
# profile cache
-After=var.mount var-lib.mount
+After=var.mount var-cache.mount usr.mount usr-share.mount
ConditionSecurity=apparmor
[Service]
Reference in New Issue View Git Blame Copy Permalink