Consider disabling expression tree simplification by default
On https://salsa.debian.org/apparmor-team/apparmor/merge_requests/9 @jdstrand argued (and finally convinced me) that no-extr-simplify
is a better default than what we have now. tl;dr:
- In some real-world worst cases, expression tree simplification greatly increases policy compilation time.
- Only in one pathological case (Evince profile), expression tree simplification improves policy compilation time; but that only affects rather powerful (desktop) systems, where the few added seconds should not matter much.
(For details, see the discussion that starts on https://salsa.debian.org/apparmor-team/apparmor/merge_requests/9#note_35068; you might have to toggle it if you read this after that discussion has been resolved.)
So for now we'll apply a distro patch in Debian and Ubuntu, that adds Optimize=no-expr-simplify
to parser.conf
. But I'd rather not carry this as a distro patch forever and I'm vastly prefer if we could make a project-wide decision about what the default behaviour should be.