[pkg-apparmor] Bug#782700: Bug#782700: Please drop $remote_fs init.d dependency to allow running early
Christian Boltz
apparmor-debian at cboltz.de
Thu Apr 16 17:25:13 UTC 2015
Hello,
Am Donnerstag, 16. April 2015 schrieb Michael Biebl:
> Or maybe better:
> provide a native .service file, hook that up in sysinit.target and add
> Wants=network-pre.target
> Before=network-pre.target
> to apparmor.service. See man systemd.special
FYI: I received a service file for openSUSE some weeks ago from a
contributor. Basically it's just a wrapper around the initscript (so
probably not the final solution), but it's a good start nevertheless ;-)
[Unit]
Description=Load AppArmor profiles
DefaultDependencies=no
Before=sysinit.target
After=systemd-journald-audit.socket
ConditionSecurity=apparmor
[Service]
Type=oneshot
ExecStart=/etc/init.d/boot.apparmor start
ExecReload=/etc/init.d/boot.apparmor reload
ExecStop=/etc/init.d/boot.apparmor stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Also let me warn you that systemd comes with some problems for AppArmor:
https://bugzilla.opensuse.org/show_bug.cgi?id=853019
Basically systemd maps "systemctl restart apparmor" to "stop, then
start", which means the confinement gets removed from running processes.
Regards,
Christian Boltz
--
Whatever, but the purpose of software is to help users, not the other
way round. No, developers are not to be considered "users" >:-p
[Carlos E. R. in opensuse-factory]
More information about the pkg-apparmor-team
mailing list