[pkg-apparmor] Bug#771240: apparmor: Please make apparmor work with dracut, too.
Tilman Schröder
tilman.schroeder at gmx.de
Fri Nov 28 22:15:10 UTC 2014
Heyho,
On 28.11.2014 11:31, intrigeri wrote:
> Hi,
>
> Tilman Schröder wrote (27 Nov 2014 22:07:50 GMT) :
>> please make apparmor work with dracut as the system to build an initramfs, too.
>
>> I tried to use apparmor by installing it via
>> dpkg --force-depends -i apparmor_2.9.0-2_amd64.deb
>
>> but installation failed with the following error message in the journal:
>
>> Nov 27 22:55:35 procyonbook systemd[1]: Cannot add dependency job for unit
>> dracut-shutdown.service, ignoring: Unit dracut-shutdown.service failed to load:
>> No such file or directory
>
> First of all, may you please try installing apparmor with apt-get
> instead? Problems that happen only with `dpkg --force-depends' are
> generally not bugs: you're explicitly forcing dpkg to do something it
> knows it shouldn't.
This does not work because apparmor depends on initramfs on linux. That
is why I used dpkg --force-depends. All the other dependencies were met
and I had the correct apparmor.deb for Debian jessie. I examined the
apparmor source package using
$ grep -ir 'initramfs' apparmor-2.9.0/
and found some references to a now non-existent file
"debian/apparmor.initramfs" in "debian/changelog", nothing else.
Therefore I assumed that apparmor should work with dracut, too, and I
filed this bug. By the way, is Severity: wishlist more appropriate?
> To be frank, I doubt that AppArmor has anything to do with that
> dracut-related error. My gut feeling is that apparmor installs an
> initscript, which triggers a systemd unit files reload, which exposes
> a bug in the dracut systemd integration. What's the output of:
>
> # systemctl show dracut-shutdown.service
Attached, but I do not think this is helpful, because of
$ systemctl status dracut-shutdown.service
● dracut-shutdown.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
> # rgrep dracut-shutdown /{etc,lib}/systemd/system
Nothing, because of
$ dpkg --listfiles dracut | grep dracut-shutdown
/usr/lib/dracut/modules.d/98systemd/dracut-shutdown.service.8.asc
/usr/lib/dracut/modules.d/98systemd/dracut-shutdown.service
/usr/lib/dracut/modules.d/98systemd/dracut-shutdown.service.8
/lib/systemd/system/sysinit.target.wants/dracut-shutdown.service
and the last one is a dead symlink to
/lib/systemd/system/sysinit.target/dracut-shutdown.service
Perhaps this is (part of) the bug in the integration of dracut into
systemd. I am sorry, I do not know my way around those internals, but I
am willing to do tests and deliver information.
> Cheers,
Bye,
Tilman
--
Sichere Kommunikation?
GPG: 0x70755E61 auf keys.gnupg.net
-------------- next part --------------
Restart=no
NotifyAccess=none
RestartUSec=100ms
TimeoutStartUSec=1min 30s
TimeoutStopUSec=1min 30s
WatchdogUSec=0
WatchdogTimestampMonotonic=0
StartLimitInterval=10000000
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
PermissionsStartOnly=no
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=0
ControlPID=0
Result=success
ExecMainStartTimestampMonotonic=0
ExecMainExitTimestampMonotonic=0
ExecMainPID=0
ExecMainCode=0
ExecMainStatus=0
CPUAccounting=no
CPUShares=18446744073709551615
StartupCPUShares=18446744073709551615
CPUQuotaPerSecUSec=(null)
BlockIOAccounting=no
BlockIOWeight=18446744073709551615
StartupBlockIOWeight=18446744073709551615
MemoryAccounting=no
MemoryLimit=18446744073709551615
DevicePolicy=auto
UMask=0022
LimitCPU=18446744073709551615
LimitFSIZE=18446744073709551615
LimitDATA=18446744073709551615
LimitSTACK=18446744073709551615
LimitCORE=18446744073709551615
LimitRSS=18446744073709551615
LimitNOFILE=65536
LimitAS=18446744073709551615
LimitNPROC=15685
LimitMEMLOCK=65536
LimitLOCKS=18446744073709551615
LimitSIGPENDING=15685
LimitMSGQUEUE=819200
LimitNICE=0
LimitRTPRIO=0
LimitRTTIME=18446744073709551615
OOMScoreAdjust=0
Nice=0
IOScheduling=0
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=inherit
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SecureBits=0
CapabilityBoundingSet=18446744073709551615
MountFlags=0
PrivateTmp=no
PrivateNetwork=no
PrivateDevices=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=0
RuntimeDirectoryMode=0755
KillMode=control-group
KillSignal=15
SendSIGKILL=yes
SendSIGHUP=no
Id=dracut-shutdown.service
Names=dracut-shutdown.service
WantedBy=sysinit.target
Description=dracut-shutdown.service
LoadState=not-found
ActiveState=inactive
SubState=dead
InactiveExitTimestampMonotonic=0
ActiveEnterTimestampMonotonic=0
ActiveExitTimestampMonotonic=0
InactiveEnterTimestampMonotonic=0
CanStart=yes
CanStop=yes
CanReload=no
CanIsolate=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
OnFailureJobMode=replace
IgnoreOnIsolate=no
IgnoreOnSnapshot=no
NeedDaemonReload=no
JobTimeoutUSec=0
ConditionResult=no
ConditionTimestampMonotonic=0
LoadError=org.freedesktop.DBus.Error.FileNotFound "No such file or directory"
Transient=no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20141128/28afdc14/attachment.sig>
More information about the pkg-apparmor-team
mailing list