[apparmor] Generating the profile cache on a different machine
Alberto Mardegan
mardy at users.sourceforge.net
Thu Apr 2 13:30:48 UTC 2020
Hi all!
I'm trying to speed up the first device boot by generating a cache of
the profiles. The target machine is running a Yocto image, so it would
feel natural if the profile cache is also generated by Yocto.
My first question is whether this is actually doable: is the binary
format of a cached profile independent from the machine architecture in
which it is generated?
Also: is the kernel version of the host machine (that is, where the
apparmor_parser command is being run) indifferent? Or does it have to be
apparmor-enabled?
I see that there's a `.features` file under the cache/ directory, but
it's not clear to me if it's related to the apparmor *userspace tools*
features, or to the kernel. If the latter, can I safely copy it between
different machines, as long as I'll have the same apparmor patches
applied to all the kernels I need to support?
Ciao,
Alberto
More information about the AppArmor
mailing list