[pkg-apparmor] Bug#782700: Please drop $remote_fs init.d dependency to allow running early

Michael Biebl biebl at debian.org
Thu Apr 16 13:22:35 UTC 2015


Hi!

On Thu, 16 Apr 2015 07:56:55 -0500 Martin Pitt <mpitt at debian.org> wrote:
> apparmor's init.d script currently depends on $remote_fs. This is a
> rather heavy dependency and means that important processes like
> dhclient or NFS cannot be covered by apparmor as they need to start
> before. In the extreme case this also means that
> network-online.target, NetworkManager.service, dbus.service etc. all
> need to run during early boot ("rcS" in the old sysvinit world), which
> likely leads to dependency cycles.
> 
> IMHO $local_fs should suffice as during booting the init.d script does
> not need much from /usr or /var. The exception is the click package
> hook processing, but this is only really significant for Ubuntu Touch
> images (which don't use /usr on NFS). The profile cache has been split
> into /etc/ and /var for this reason, so that on boot you only need the
> cache in /etc. The one in /var is only being used for click packages
> as far as I know.
> 
> FTR, Ubuntu did that change in
> https://launchpad.net/ubuntu/+source/apparmor/2.9.1-0ubuntu5

The reason for Martin filing this bug is most likely [1].

While we are on that topic, I think it would be better to not pull apparmor
specifics into ifup@.service and networking.service, but rather have
apparmor ship a native .service file and specify the correct orderings,
maybe by hooking up in network-pre.target.

Then again, I'm not too familiar with AppArmor: Is every service that
wants to be confined by apparmor supposed to declare an
After=apparmor.service in its service file?

Michael

[1]
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=experimental&id=db920726c385e2c4ea9b6a82f010483db13dfa46
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
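
The ordering problem described in the quoted bug report, as an added example that is not part of the original mail or of the apparmor package: it walks LSB Required-Start headers to find which init scripts are forced to start before apparmor, and so run before any profile is loaded. The facility expansions and script headers are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample data, not taken from the mail or from a real system.
# Virtual facilities expand to the scripts (or facilities) that provide them.
FACILITIES = {
    "$local_fs": ["mountall"],
    "$remote_fs": ["$local_fs", "mountnfs"],
    "$network": ["networking"],
}

# Constructed LSB headers, reduced to their Required-Start line.
HEADERS = {
    "checkfs": "# Required-Start:",
    "mountall": "# Required-Start: checkfs",
    "networking": "# Required-Start: mountall",
    "mountnfs": "# Required-Start: $local_fs $network",
}


def required_start(header):
    """Return the tokens on the Required-Start line of an LSB header."""
    m = re.search(r"^#\s*Required-Start:[ \t]*(.*)$", header, re.MULTILINE)
    return m.group(1).split() if m else []


def must_start_before(script, headers, facilities):
    """Scripts that the boot ordering forces to start before `script`."""
    seen, stack = set(), list(required_start(headers[script]))
    while stack:
        token = stack.pop()
        if token in seen:
            continue
        seen.add(token)
        if token.startswith("$"):      # virtual facility: expand it
            stack.extend(facilities.get(token, []))
        elif token in headers:         # real script: follow its own needs
            stack.extend(required_start(headers[token]))
    return {t for t in seen if not t.startswith("$")}


def freed_by_change(old_facility, new_facility):
    """Scripts no longer forced ahead of apparmor once its header changes."""
    old = dict(HEADERS, apparmor="# Required-Start: " + old_facility)
    new = dict(HEADERS, apparmor="# Required-Start: " + new_facility)
    return (must_start_before("apparmor", old, FACILITIES)
            - must_start_before("apparmor", new, FACILITIES))


if __name__ == "__main__":
    print(sorted(freed_by_change("$remote_fs", "$local_fs")))
```

With the sample data, the scripts that stop being forced ahead of apparmor are the network and NFS ones, which matches the processes the report says cannot currently be covered.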
