Replacing the dfa
Jamie Strandboge
jamie at canonical.com
Wed Jun 16 14:17:00 BST 2010
On Wed, 2010-06-16 at 00:59 -0700, John Johansen wrote:
> Over the last few weeks I have been looking into improving loaded policy
> size, and creation time. This has lead me to believe that we need to
> replace how AA does its pattern matching.
...
> The hybrid should allow us to improve both compile time and memory use,
> by reducing state explosion. If done properly this should reduce the
> compiled size of all but the simplest profiles.
I think the hybrid approach sounds fine, but my feeling is that this
should happen after AA is accepted upstream (unless our current dfa is
blocking acceptance). Our current dfa may have a few problems, but in
general it works for a lot of people. Updating it later should be easy
enough since it should be wholly contained within AA.
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/apparmor/attachments/20100616/048699e7/attachment.pgp
More information about the AppArmor
mailing list