FWIW this aa-preprocess tool sounds like it would be good to run via a GitHub action so that it can suggest changes to the existing profiles which would then be made by hand.

--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2025030

Title:
  apparmor_parser -O no-expr-simplify problematic

Status in snapd:
  In Progress

Bug description:
  There was a recent issue with a core refresh that caused breakage.
  Upon further investigation it turns out that the apparmor_parser uses
  a substantial amount of memory.

  Upon some more investigation it turns out that -O no-expr-simplify
  makes both time to compile and memory usage increase 10x.

  Tested with 22.04 but I see the same ballpark results with 16.04:

  $ /usr/bin/time --verbose apparmor_parser -S 2.59/profiles/snap.screenly-client.command-executor > /dev/null
      Command being timed: "apparmor_parser -S 2.59/profiles/snap.screenly-client.command-executor"
      User time (seconds): 4.32
      Maximum resident set size (kbytes): 117392

  $ /usr/bin/time --verbose apparmor_parser -O no-expr-simplify -S 2.59/profiles/snap.screenly-client.command-executor > /dev/null
      Command being timed: "apparmor_parser -O no-expr-simplify -S 2.59/profiles/snap.screenly-client.command-executor"
      User time (seconds): 40.64
      Maximum resident set size (kbytes): 1015816

  Profile is attached.

  It seems like we seriously need to consider dropping "-O no-expr-simplify".

  For context:
  https://bugs.launchpad.net/ubuntu-rtm/+source/apparmor/+bug/1383858
  is why it was added in the first place

  And some recent work to make things faster:
  https://gitlab.com/apparmor/apparmor/-/merge_requests/711

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/2025030/+subscriptions