[pkg-apparmor] Bug#782700: Bug#782700: Please drop $remote_fs init.d dependency to allow running early
Michael Biebl
biebl at debian.org
Thu Apr 16 21:30:10 UTC 2015
On Thu, 16 Apr 2015 19:25:13 +0200 Christian Boltz
<apparmor-debian at cboltz.de> wrote:
> Hello,
>
> Am Donnerstag, 16. April 2015 schrieb Michael Biebl:
> > Or maybe better:
> > provide a native .service file, hook that up in sysinit.target and add
> > Wants=network-pre.target
> > Before=network-pre.target
> > to apparmor.service. See man systemd.special
>
> FYI: I received a service file for openSUSE some weeks ago from a
> contributor. Basically it's just a wrapper around the initscript (so
> probably not the final solution), but it's a good start nevertheless ;-)
>
> [Unit]
> Description=Load AppArmor profiles
> DefaultDependencies=no
> Before=sysinit.target
> After=systemd-journald-audit.socket
> ConditionSecurity=apparmor
>
> [Service]
> Type=oneshot
> ExecStart=/etc/init.d/boot.apparmor start
> ExecReload=/etc/init.d/boot.apparmor reload
> ExecStop=/etc/init.d/boot.apparmor stop
> RemainAfterExit=yes
>
> [Install]
> WantedBy=multi-user.target
>
>
> Also let me warn you that systemd comes with some problems for AppArmor:
> https://bugzilla.opensuse.org/show_bug.cgi?id=853019
> Basically systemd maps "systemctl restart apparmor" to "stop, then
> start", which means the confinement gets removed from running processes.
>
That service file looks wrong on many levels. Please don't add that to
the Debian package as is.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20150416/97543ce9/attachment.sig>
More information about the pkg-apparmor-team
mailing list