Ship a pre-compiled AppArmor binary cache
Context: decreasing Tails startup time significantly would help us achieve our “Make it easier to switch between a Tails contextual identity and another identity outside of Tails” strategic planning goal.
One of the main reasons why Tails takes so long to start, especially on systems with few and/or not super fast CPU cores, is that we compile the AppArmor policy during every single boot. This is kinda dumb given this compilation will produce the same result every time, which should make any engineer immediately suggest “well, let’s cache this, mayyyyybe?”.
Caching the resulting pre-compiled policy was not straightforward until Stretch, inclusive. But all the pieces we need to do that are finally in place in Buster so we can finally do that! :)
Blueprint: https://tails.boum.org/contribute/design/application_isolation/#pre-compiled-AppArmor-policy
Feature Branch: feature/16138-pre-compiled-AppArmor-cache-buster
Related issues
- Related to #16393 (closed)
- Has duplicate #10120 (closed)
-
Blocked by #16390 (closed)
Original created by @intrigeri on 16138 (Redmine)