Consider shipping a pre-compiled AppArmor policy

On current Tails the AppArmor policy loading slows down boot sustantially, and pre-compiling it would make things a lot faster.

See the blueprint for implementation notes and potential issues, e.g. with the “additional software packages” feature, or possibly a too tight coupling between the kernel run on build systems and the one shipped in the ISO, that need to be investigated. It may be that the doc is lacking in this respect and should be improved (or at least, bugs reported against it).

Blueprint: https://tails.boum.org/contribute/design/application_isolation/

Related issues

Is duplicate of #16138 (closed)

Original created by @intrigeri on 10120 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information