* [PR PATCH] apparmor: load profiles in parallel
@ 2021-02-14 21:41 thypon
2021-02-14 21:44 ` [PR PATCH] [Updated] " thypon
` (15 more replies)
0 siblings, 16 replies; 17+ messages in thread
From: thypon @ 2021-02-14 21:41 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is a new pull request by thypon against master on the void-packages repository
https://github.com/thypon/void-packages apparmor-parallel
https://github.com/void-linux/void-packages/pull/28766
apparmor: load profiles in parallel
Just a quick mod for parallelizing apparmor profiles on load.
A patch file from https://github.com/void-linux/void-packages/pull/28766.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-apparmor-parallel-28766.patch --]
[-- Type: text/x-diff, Size: 1724 bytes --]
From 0585ebbc1ec27087f3e1d90f910d24c44c244aec Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni <abc@pompel.me>
Date: Sun, 14 Feb 2021 21:39:38 +0000
Subject: [PATCH] apparmor: load profiles in parallel
---
srcpkgs/apparmor/template | 2 +-
srcpkgs/runit-void/files/09-apparmor.sh | 12 +++---------
2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 6e7300cff1e..dfbd3ef472f 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=3.0.1
-revision=2
+revision=3
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
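Review bot: the bump to `revision=3` is made in srcpkgs/apparmor/template, while the only functional change in this patch is to srcpkgs/runit-void/files/09-apparmor.sh. Please confirm that the apparmor package is the one that installs that file; if the runit-void package ships it, the revision bump belongs in that template instead, otherwise the new script never reaches users.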
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
index 7d8d09ee80f..e5ce9e9af72 100644
--- a/srcpkgs/runit-void/files/09-apparmor.sh
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -18,15 +18,9 @@ if [ -n "$APPARMOR" ]; then
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
- for profile in /etc/apparmor.d/*; do
- case "$profile" in
- *.new-*_*) continue ;;
- esac
- if [ -f "$profile" ]; then
- printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
- apparmor_parser -a $AACOMPLAIN "$profile"
- fi
- done
+ find /etc/apparmor.d -maxdepth 1 -type f ! -name '*.new-*_*' |\
+ xargs -d"\n" -I{} --max-procs="$(grep -c ^processor /proc/cpuinfo)" \
+ bash -c "printf '* Load profile %s: %s\n' '($APPARMOR)' '{}'; apparmor_parser -a $AACOMPLAIN '{}'"
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
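Review bot: in the added `bash -c "... '{}'"` line, xargs substitutes each file name into the command string before the inner shell parses it, so a name in /etc/apparmor.d that contains a single quote ends the quoted string and the remainder of the name is parsed as shell syntax. Pass the name as a positional argument instead (single-quote the script, reference `"$1"`, and let xargs append the path), or drop the wrapper and have xargs invoke apparmor_parser directly. The wrapper also makes this script depend on bash, which the removed loop did not need.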
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR PATCH] [Updated] apparmor: load profiles in parallel
From: thypon @ 2021-02-14 21:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 394 bytes --]
There is an updated pull request by thypon against master on the void-packages repository
https://github.com/thypon/void-packages apparmor-parallel
https://github.com/void-linux/void-packages/pull/28766
apparmor: load profiles in parallel
Just a quick mod for parallelizing apparmor profiles on load.
A patch file from https://github.com/void-linux/void-packages/pull/28766.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-apparmor-parallel-28766.patch --]
[-- Type: text/x-diff, Size: 1722 bytes --]
From dc89b6e9c48aac3618e7872fd5e90826a09e542f Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni <abc@pompel.me>
Date: Sun, 14 Feb 2021 21:39:38 +0000
Subject: [PATCH] apparmor: load profiles in parallel
---
srcpkgs/apparmor/template | 2 +-
srcpkgs/runit-void/files/09-apparmor.sh | 12 +++---------
2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 6e7300cff1e..dfbd3ef472f 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=3.0.1
-revision=2
+revision=3
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
index 7d8d09ee80f..f18074dfe90 100644
--- a/srcpkgs/runit-void/files/09-apparmor.sh
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -18,15 +18,9 @@ if [ -n "$APPARMOR" ]; then
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
- for profile in /etc/apparmor.d/*; do
- case "$profile" in
- *.new-*_*) continue ;;
- esac
- if [ -f "$profile" ]; then
- printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
- apparmor_parser -a $AACOMPLAIN "$profile"
- fi
- done
+ find /etc/apparmor.d -maxdepth 1 -type f ! -name '*.new-*_*' |\
+ xargs -d"\n" -I{} --max-procs="$(grep -c ^processor /proc/cpuinfo)" \
+ sh -c "printf '* Load profile %s: %s\n' '($APPARMOR)' '{}'; apparmor_parser -a $AACOMPLAIN '{}'"
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
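Review bot: `--max-procs="$(grep -c ^processor /proc/cpuinfo)"` depends on the layout of /proc/cpuinfo; where no line starts with `processor`, grep prints 0 and xargs treats `--max-procs=0` as "run as many processes as possible". `nproc` reports the number of processing units available to the process and avoids parsing that file.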
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR REVIEW] apparmor: load profiles in parallel
From: ericonr @ 2021-02-14 21:49 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 251 bytes --]
New review comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#discussion_r575869673
Comment:
`nproc` https://www.flamingspork.com/blog/2020/11/25/why-you-should-use-nproc-and-not-grep-proc-cpuinfo/
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: apparmor: load profiles in parallel
From: thypon @ 2021-02-14 21:51 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 286 bytes --]
New comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778847529
Comment:
It's all in findutils (xargs and find), which are installed if you have `base-system`, `base-minimal` or `base-chroot`. No need to specify anything.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR PATCH] [Updated] apparmor: load profiles in parallel
From: thypon @ 2021-02-14 21:54 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 432 bytes --]
There is an updated pull request by thypon against master on the void-packages repository
https://github.com/thypon/void-packages apparmor-parallel
https://github.com/void-linux/void-packages/pull/28766
apparmor: load profiles in parallel
Just a quick mod for parallelizing apparmor profiles on load.
Cc: @Gottox @ericonr @CameronNemo
A patch file from https://github.com/void-linux/void-packages/pull/28766.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-apparmor-parallel-28766.patch --]
[-- Type: text/x-diff, Size: 1695 bytes --]
From 02e299da42f8c400083d55728690481e6a6f4ab4 Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni <abc@pompel.me>
Date: Sun, 14 Feb 2021 21:39:38 +0000
Subject: [PATCH] apparmor: load profiles in parallel
---
srcpkgs/apparmor/template | 2 +-
srcpkgs/runit-void/files/09-apparmor.sh | 12 +++---------
2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 6e7300cff1e..dfbd3ef472f 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=3.0.1
-revision=2
+revision=3
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
index 7d8d09ee80f..5951c35e5ea 100644
--- a/srcpkgs/runit-void/files/09-apparmor.sh
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -18,15 +18,9 @@ if [ -n "$APPARMOR" ]; then
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
- for profile in /etc/apparmor.d/*; do
- case "$profile" in
- *.new-*_*) continue ;;
- esac
- if [ -f "$profile" ]; then
- printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
- apparmor_parser -a $AACOMPLAIN "$profile"
- fi
- done
+ find /etc/apparmor.d -maxdepth 1 -type f ! -name '*.new-*_*' |\
+ xargs -d"\n" -I{} --max-procs="$(nproc)" \
+ sh -c "printf '* Load profile %s: %s\n' '($APPARMOR)' '{}'; apparmor_parser -a $AACOMPLAIN '{}'"
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
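Review bot: the `sh -c "..."` string on the last added line is double-quoted, so `$APPARMOR` and `$AACOMPLAIN` are expanded by the outer shell and pasted into the inner command text together with `{}`; the single quotes around `'($APPARMOR)'` and `'{}'` only hold while none of those values contains a single quote. Single-quote the script and hand the values over as positional parameters (`"$1"`, `"$2"`), or remove the printf so that no inner shell is needed at all.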
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR REVIEW] apparmor: load profiles in parallel
From: Gottox @ 2021-02-14 21:58 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 273 bytes --]
New review comment by Gottox on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#discussion_r575870502
Comment:
Allows command injection. I'm not considering this an attack vector, as the files are root writeable; nevertheless, avoid this.
^ permalink raw reply [flat|nested] 17+ messages in thread
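The quoting problem raised in the review comment above, as an added example that is not part of the thread or the PR: it runs the `xargs -I{} sh -c "... '{}'"` shape next to a variant that passes the file name as a positional argument. Assumptions: `printf` stands in for `apparmor_parser`, `-print0`/`-0` and `-P 2` replace `-d"\n"` and `--max-procs="$(nproc)"` for portability, and every file name is constructed in a throwaway temp directory.

```sh
#!/bin/sh
# Added example (not from the PR). Nothing is loaded into AppArmor:
# printf stands in for apparmor_parser, and all names are constructed.

# Create a constructed profile directory and print its path.
make_profiles() {
    d=$(mktemp -d) || return 1
    : > "$d/usr.bin.example"
    : > "$d/usr.bin.example.new-1.0_1"   # excluded by the -name filter
    # Constructed name: a single quote followed by a harmless command.
    : > "$d/x'; touch INJECTED; echo '"
    printf '%s\n' "$d"
}

# Shape used in the patch: {} is pasted into the command string, so the
# inner shell parses the file name as part of its script.
load_interpolated() {
    find "$1" -maxdepth 1 -type f ! -name '*.new-*_*' -print0 |
        xargs -0 -I{} -P 2 \
        sh -c "printf 'load: %s\n' '{}'"
}

# Hardened shape: the script is a fixed single-quoted string and the file
# name arrives as "$1", which the inner shell never parses as code.
load_positional() {
    find "$1" -maxdepth 1 -type f ! -name '*.new-*_*' -print0 |
        xargs -0 -n 1 -P 2 \
        sh -c 'printf "load: %s\n" "$1"' sh
}

# Run one loader from an empty scratch directory and report whether the
# marker file named inside the constructed file name was created.
check() {
    profiles=$(make_profiles) || return 1
    scratch=$(mktemp -d) || return 1
    ( cd "$scratch" && "$1" "$profiles" ) >/dev/null 2>&1 || :
    if [ -e "$scratch/INJECTED" ]; then
        result=injected
    else
        result=clean
    fi
    rm -rf "$profiles" "$scratch"
    printf '%s\n' "$result"
}

printf 'name pasted into sh -c string: %s\n' "$(check load_interpolated)"
printf 'name passed as "$1":           %s\n' "$(check load_positional)"
```

Handing the file list straight to the parser, with no inner shell, removes the need for either wrapper.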
* Re: apparmor: load profiles in parallel
From: CameronNemo @ 2021-02-14 22:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1022 bytes --]
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778850010
Comment:
Upstream has optimized code to do this (`/usr/lib/apparmor/rc.apparmor.functions` `parse_profiles()`).
Currently we fudge it up with our custom one-by-one loading. Now we are reimplementing?
Can we deprecate the runit "complain" mode and direct users to the `aa-complain(8)` utility? It would bring us closer to upstream and other distros.
Minimal example of what using the upstream provided code would look like (they make you define log functions):
```
set -e
test -d /sys/kernel/security/apparmor
AA_FUNCTIONS=/usr/lib/apparmor/rc.apparmor.functions
test -r "$AA_FUNCTIONS"
aa_action() { :; }
aa_log_warning_msg() { :; }
aa_log_failure_msg() { :; }
aa_log_action_start() { :; }
aa_log_action_end() { :; }
aa_log_daemon_msg() { :; }
aa_log_skipped_msg() { :; }
aa_log_end_msg() { :; }
set +e
. "$AA_FUNCTIONS"
apparmor_restart
exit $?
```
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR REVIEW] apparmor: load profiles in parallel
From: thypon @ 2021-02-14 22:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 365 bytes --]
New review comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#discussion_r575874468
Comment:
Command injection? You mean shell spawning or in general? I don't see command injection here. I mean, even $APPARMOR without anything else in a shell script can be a command injection if you don't control the source.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: apparmor: load profiles in parallel
From: thypon @ 2021-02-14 22:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 336 bytes --]
New comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778852486
Comment:
I perfectly agree with @CameronNemo on using the upstream version in the long term.
For now I just ported from the official script the xargs command so that we can have parallelism with minimal changes.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: apparmor: load profiles in parallel
From: Duncaen @ 2021-02-14 22:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 250 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778852792
Comment:
apparmor_parser already parses profiles in parallel; just pass everything to it and forget about the printf.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: apparmor: load profiles in parallel
From: Duncaen @ 2021-02-14 22:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 354 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778853658
Comment:
If we patch in our .new- suffix we can just pass the directory to it and it will be fast and simple.
https://gitlab.com/apparmor/apparmor/-/blob/master/libraries/libapparmor/src/private.c#L65
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: apparmor: load profiles in parallel
From: Duncaen @ 2021-02-14 22:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 327 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778853658
Comment:
If we patch in our .new- suffix we can just pass the directory and it will be fast and simple.
https://gitlab.com/apparmor/apparmor/-/blob/master/libraries/libapparmor/src/private.c#L65
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR PATCH] [Updated] apparmor: load profiles in parallel
From: thypon @ 2021-02-14 23:05 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 432 bytes --]
There is an updated pull request by thypon against master on the void-packages repository
https://github.com/thypon/void-packages apparmor-parallel
https://github.com/void-linux/void-packages/pull/28766
apparmor: load profiles in parallel
Just a quick mod for parallelizing apparmor profiles on load.
Cc: @Gottox @ericonr @CameronNemo
A patch file from https://github.com/void-linux/void-packages/pull/28766.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-apparmor-parallel-28766.patch --]
[-- Type: text/x-diff, Size: 1695 bytes --]
From d5d52ad5f52e807cc424e06cc4bef0089011fdd1 Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni <abc@pompel.me>
Date: Sun, 14 Feb 2021 21:39:38 +0000
Subject: [PATCH] apparmor: load profiles in parallel
---
srcpkgs/apparmor/template | 2 +-
srcpkgs/runit-void/files/09-apparmor.sh | 12 +++---------
2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 6e7300cff1e..dfbd3ef472f 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=3.0.1
-revision=2
+revision=3
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
index 7d8d09ee80f..5951c35e5ea 100644
--- a/srcpkgs/runit-void/files/09-apparmor.sh
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -18,15 +18,9 @@ if [ -n "$APPARMOR" ]; then
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
- for profile in /etc/apparmor.d/*; do
- case "$profile" in
- *.new-*_*) continue ;;
- esac
- if [ -f "$profile" ]; then
- printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
- apparmor_parser -a $AACOMPLAIN "$profile"
- fi
- done
+ find /etc/apparmor.d -maxdepth 1 -type f ! -name '*.new-*_*' |\
+ xargs -d"\n" -I{} --max-procs="$(nproc)" \
+ sh -c "printf '* Load profile %s: %s\n' '($APPARMOR)' '{}'; apparmor_parser -a $AACOMPLAIN '{}'"
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
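Review bot: `find ... | xargs -d"\n"` on the added lines splits the file list on newlines, so a file name that contains a newline reaches the command as two separate arguments; `find ... -print0 | xargs -0` keeps each name intact. With `--max-procs="$(nproc)"` the `Load profile` lines from different workers also interleave with parser messages, so the printed name no longer identifies which profile an error belongs to.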
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: apparmor: load profiles in parallel
From: thypon @ 2021-02-14 23:06 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 188 bytes --]
New comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/28766#issuecomment-778857261
Comment:
The last version removes the superfluous logging
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR PATCH] [Updated] apparmor: load profiles in parallel
From: thypon @ 2021-02-14 23:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 432 bytes --]
There is an updated pull request by thypon against master on the void-packages repository
https://github.com/thypon/void-packages apparmor-parallel
https://github.com/void-linux/void-packages/pull/28766
apparmor: load profiles in parallel
Just a quick mod for parallelizing apparmor profiles on load.
Cc: @Gottox @ericonr @CameronNemo
A patch file from https://github.com/void-linux/void-packages/pull/28766.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-apparmor-parallel-28766.patch --]
[-- Type: text/x-diff, Size: 1574 bytes --]
From daea4138ee2d29b540718b655e89db2862e9902b Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni <abc@pompel.me>
Date: Sun, 14 Feb 2021 21:39:38 +0000
Subject: [PATCH] apparmor: load profiles in parallel
---
srcpkgs/apparmor/template | 2 +-
srcpkgs/runit-void/files/09-apparmor.sh | 10 +---------
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 6e7300cff1e..dfbd3ef472f 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=3.0.1
-revision=2
+revision=3
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
index 7d8d09ee80f..b99afbab046 100644
--- a/srcpkgs/runit-void/files/09-apparmor.sh
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -18,15 +18,7 @@ if [ -n "$APPARMOR" ]; then
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
- for profile in /etc/apparmor.d/*; do
- case "$profile" in
- *.new-*_*) continue ;;
- esac
- if [ -f "$profile" ]; then
- printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
- apparmor_parser -a $AACOMPLAIN "$profile"
- fi
- done
+ apparmor_parse -a $AACOMPLAIN $(find /etc/apparmor.d -type f -maxdepth 1 ! -name '*.new-*_*')
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
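Review bot: the added line calls `apparmor_parse`, which is missing its final `r`; the guard two lines above tests `/usr/bin/apparmor_parser` and the removed loop called `apparmor_parser`. In the same line `-maxdepth 1` comes after `-type f`; GNU find warns when this global option follows a test, so put `-maxdepth 1` first.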
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR PATCH] [Updated] apparmor: load profiles in parallel
From: thypon @ 2021-02-14 23:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 432 bytes --]
There is an updated pull request by thypon against master on the void-packages repository
https://github.com/thypon/void-packages apparmor-parallel
https://github.com/void-linux/void-packages/pull/28766
apparmor: load profiles in parallel
Just a quick mod for parallelizing apparmor profiles on load.
Cc: @Gottox @ericonr @CameronNemo
A patch file from https://github.com/void-linux/void-packages/pull/28766.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-apparmor-parallel-28766.patch --]
[-- Type: text/x-diff, Size: 1575 bytes --]
From 9dd2431b09cebc888be257341e4888408aebc8aa Mon Sep 17 00:00:00 2001
From: Andrea Brancaleoni <abc@pompel.me>
Date: Sun, 14 Feb 2021 21:39:38 +0000
Subject: [PATCH] apparmor: load profiles in parallel
---
srcpkgs/apparmor/template | 2 +-
srcpkgs/runit-void/files/09-apparmor.sh | 10 +---------
2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 6e7300cff1e..dfbd3ef472f 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=3.0.1
-revision=2
+revision=3
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
diff --git a/srcpkgs/runit-void/files/09-apparmor.sh b/srcpkgs/runit-void/files/09-apparmor.sh
index 7d8d09ee80f..1d24b4e349c 100644
--- a/srcpkgs/runit-void/files/09-apparmor.sh
+++ b/srcpkgs/runit-void/files/09-apparmor.sh
@@ -18,15 +18,7 @@ if [ -n "$APPARMOR" ]; then
[ "$APPARMOR" = "complain" ] && AACOMPLAIN="-C"
if [ -d /etc/apparmor.d -a -x /usr/bin/apparmor_parser ]; then
- for profile in /etc/apparmor.d/*; do
- case "$profile" in
- *.new-*_*) continue ;;
- esac
- if [ -f "$profile" ]; then
- printf '* Load profile %s: %s\n' "($APPARMOR)" "$profile"
- apparmor_parser -a $AACOMPLAIN "$profile"
- fi
- done
+ apparmor_parser -a $AACOMPLAIN $(find /etc/apparmor.d -maxdepth 1 -type f ! -name '*.new-*_*')
else
printf '! AppArmor installation problem - ensure you have installed apparmor package\n'
fi
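Review bot: the unquoted `$(find ...)` on the added line is subject to word splitting and pathname expansion, so a profile file name containing whitespace or glob characters reaches apparmor_parser as different arguments than find printed, and when find matches nothing the parser is run with no profile argument at all. `find /etc/apparmor.d -maxdepth 1 -type f ! -name '*.new-*_*' -exec apparmor_parser -a $AACOMPLAIN {} +` passes the names unmodified and skips the call when there are no files.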
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PR PATCH] [Merged]: apparmor: load profiles in parallel
From: thypon @ 2021-02-15 22:52 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 268 bytes --]
There's a merged pull request on the void-packages repository
apparmor: load profiles in parallel
https://github.com/void-linux/void-packages/pull/28766
Description:
Just a quick mod for parallelizing apparmor profiles on load.
Cc: @Gottox @ericonr @CameronNemo
^ permalink raw reply [flat|nested] 17+ messages in thread