Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 970
    • Issues 970
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 27
    • Merge requests 27
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #16138
Closed
Open
Issue created Nov 19, 2018 by intrigeri@intrigeriMaintainer1 of 1 checklist item completed1/1 checklist item

Ship a pre-compiled AppArmor binary cache

Originally created by @intrigeri on #16138 (Redmine)

Context: decreasing Tails startup time significantly would help us achieve our “Make it easier to switch between a Tails contextual identity and another identity outside of Tails” strategic planning goal.

One of the main reasons why Tails takes so long to start, especially on systems with few and/or not super fast CPU cores, is that we compile the AppArmor policy during every single boot. This is kinda dumb given this compilation will produce the same result every time, which should make any engineer immediately suggest “well, let’s cache this, mayyyyybe?”.

Caching the resulting pre-compiled policy was not straightforward until Stretch, inclusive. But all the pieces we need to do that are finally in place in Buster so we can finally do that! :)

Blueprint: https://tails.boum.org/contribute/design/application_isolation/#pre-compiled-AppArmor-policy

Feature Branch: feature/16138-pre-compiled-AppArmor-cache-buster

Related issues

  • Related to #16393 (closed)
  • Has duplicate #10120 (closed)
  • Blocked by #16390 (closed)
Edited May 15, 2020 by intrigeri
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking