You are not logged in.

#1 2019-10-18 07:49:00

pepemopap
Member
Registered: 2015-09-30
Posts: 41

Apparmor startup time

Hi! Only curious. Its normal this startup time for Apparmor? First time i use it.

$ systemd-analyze blame
          4.262s apparmor.service
           906ms dev-sda2.device
           456ms systemd-logind.service
           390ms upower.service
           244ms exim4.service
           223ms networking.service
           201ms loadcpufreq.service
           176ms systemd-udev-trigger.service
           168ms winbind.service
           156ms NetworkManager.service
           145ms keyboard-setup.service
           122ms systemd-journald.service
           111ms systemd-fsck@dev-sda1.service
            90ms lvm2-monitor.service
            90ms avahi-daemon.service
            84ms dev-hugepages.mount
            82ms lm-sensors.service
            77ms systemd-modules-load.service
            75ms wpa_supplicant.service
            63ms user@1000.service
            63ms rsyslog.service
            56ms dev-mqueue.mount
            49ms console-setup.service
            49ms systemd-tmpfiles-setup.service
            49ms systemd-udevd.service
            47ms ntp.service
            45ms alsa-restore.service
            38ms systemd-remount-fs.service
            37ms systemd-journal-flush.service

Offline

#2 2019-10-18 09:07:31

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 1,886
Website

Re: Apparmor startup time

I have 32 things that are slower than apparmor

         23.377s udisks2.service
         18.144s NetworkManager-wait-online.service
         15.399s winbind.service
         14.819s ModemManager.service
         12.885s php7.3-fpm.service
         11.437s media-prehod.mount
         10.581s nginx.service
         10.195s man-db.service
          9.920s pure-ftpd.service
         ...........................          
         2.558s apparmor.service

Old, slow machine.

Offline

#3 2019-10-18 09:57:02

earlybird
ほやほや
Registered: 2015-12-16
Posts: 727
Website

Re: Apparmor startup time

Did you enable AppArmor profile caching? https://wiki.archlinux.org/index.php/Ap … g_profiles

Otherwise it has to recompile your profiles into binary form every time you boot.

Offline

#4 2019-10-19 08:51:25

pepemopap
Member
Registered: 2015-09-30
Posts: 41

Re: Apparmor startup time

earlybird wrote:

Did you enable AppArmor profile caching? https://wiki.archlinux.org/index.php/Ap … g_profiles

Otherwise it has to recompile your profiles into binary form every time you boot.

Yes, it is just the first i tried. But no affect the load time.

Offline

#5 2019-10-19 09:14:13

ohnonot
...again
Registered: 2015-09-29
Posts: 4,092
Website

Re: Apparmor startup time

Also have a look at

systemd-analyze critical-chain

and, obviously, at

systemctl status -n999 apparmor

Offline

#6 2019-10-23 08:25:32

pepemopap
Member
Registered: 2015-09-30
Posts: 41

Re: Apparmor startup time

systemd-analyze critical-chain
The time after the unit is active or started is printed after the "@" character.
The time the unit takes to start is printed after the "+" character.

multi-user.target @7.644s
└─systemd-logind.service @7.203s +438ms
  └─basic.target @7.153s
    └─sockets.target @7.150s
      └─avahi-daemon.socket @7.148s
        └─sysinit.target @7.113s
          └─apparmor.service @2.840s +4.265s
            └─local-fs.target @2.839s
              └─home.mount @2.802s +23ms
                └─systemd-fsck@dev-disk-by\x2duuid-14958300\x2daa00\x2d4dcd\x2d9473\
                  └─dev-disk-by\x2duuid-14958300\x2daa00\x2d4dcd\x2d9473\x2dc9e5e5fb
systemctl status -n999 apparmor
● apparmor.service - AppArmor initialization
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: ena
   Active: active (exited) since Wed 2019-10-23 10:23:11 CEST; 1min 57s ago
     Docs: man:apparmor(7)
           http://wiki.apparmor.net/
  Process: 445 ExecStart=/etc/init.d/apparmor start (code=exited, status=0/SUCCESS)
 Main PID: 445 (code=exited, status=0/SUCCESS)

Offline

#7 2019-10-23 08:50:52

ohnonot
...again
Registered: 2015-09-29
Posts: 4,092
Website

Re: Apparmor startup time

└─apparmor.service @2.840s +4.265s
            └─local-fs.target @2.839s
              └─home.mount @2.802s +23ms
                └─systemd-fsck@dev-disk-by\x2duuid-14958300\x2daa00\x2d4dcd\x2d9473\
                  └─dev-disk-by\x2duuid-14958300\x2daa00\x2d4dcd\x2d9473\x2dc9e5e5fb

The "+4.265s" looks a little weird to me.
I wonder why it's doing that. Did you read 'man systemd-analyze' to find out what "+4.265s" means?

systemctl status -n999 apparmor
● apparmor.service - AppArmor initialization
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: ena
   Active: active (exited) since Wed 2019-10-23 10:23:11 CEST; 1min 57s ago
     Docs: man:apparmor(7)
           http://wiki.apparmor.net/
  Process: 445 ExecStart=/etc/init.d/apparmor start (code=exited, status=0/SUCCESS)
 Main PID: 445 (code=exited, status=0/SUCCESS)

That's not much.
Apparently it's an old sysvinit startup script, and systemd just provides a wrapper to start it.
Shouldn't apparmor support systemd? Strange. What Debian version are you on?
Please figure out where apparmor logs things, and have a look at them (and by that I mean: really have a look at them; don't just copy-paste them here).

Offline

Board footer

Powered by FluxBB