[pkg-apparmor] Bug#782700: Please drop $remote_fs init.d dependency to allow running early
Michael Biebl
biebl at debian.org
Thu Apr 16 13:25:39 UTC 2015
Am 16.04.2015 um 15:22 schrieb Michael Biebl:
> Hi!
>
> On Thu, 16 Apr 2015 07:56:55 -0500 Martin Pitt <mpitt at debian.org> wrote:
>> apparmor's init.d script currently depends on $remote_fs. This is a
>> rather heavy dependency and means that important processes like
>> dhclient or NFS cannot be covered by apparmor as they need to start
>> before. In the extreme case this also means that
>> network-online.target, NetworkManager.service, dbus.service etc. all
>> need to run during early boot ("rcS" in the old sysvinit world), which
>> likely leads to dependency cycles.
>>
>> IMHO $local_fs should suffice as during booting the init.d script does
>> not need much from /usr or /var. The exception is the click package
>> hook processing, but this is only really significant for Ubuntu Touch
>> images (which don't use /usr on NFS). The profile cache has been split
>> into /etc/ and /var for this reason, so that on boot you only need the
>> cache in /etc. The one in /var is only being used for click packages
>> as far as I know.
>>
>> FTR, Ubuntu did that change in
>> https://launchpad.net/ubuntu/+source/apparmor/2.9.1-0ubuntu5
>
> The reason for Martin filing this bug is most likely [1].
>
> While we are that topic, I think it would be better to not pull apparmor
> specifics into ifup at .service and networking.service, but rather have
> apparmor ship a native .service file and specify the correct orderings,
> maybe by hooking up in network-pre.target.
Or maybe better:
provide a native .service file, hook that up in sysinit.target and add
Wants=network-pre.target
Before=network-pre.target
to apparmor.service. See man systemd.special
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20150416/82b69d61/attachment.sig>
More information about the pkg-apparmor-team
mailing list