[pkg-apparmor] Bug#670170: apparmor: should load profiles before networking is setup

intrigeri intrigeri at debian.org
Sat Jun 13 08:19:24 UTC 2015


Control: found -1 2.9.0-3
Control: fixed -1 2.9.2-1

intrigeri wrote (03 Jan 2014 02:07:50 GMT) :
> So, I'm now postponing working on this any further until the Technical
> Committee has made a decision regarding Jessie's default init system.
> If they pick systemd or upstart, which seems highly likely now, then
> we'll finally be able to fix this issue properly for the Linux
> architectures, that are the only ones supporting AppArmor anyway.

Since 2.9.2-1, we don't depend on $remote_fs anymore, and on my
current sid system:

  $ systemctl -p Before show apparmor.service
  Before=networking.service libvirtd.service sysinit.target

and systemd-analyze confirms that apparmor.service is indeed started
before any network initialization is done. And indeed, aa-status tells
me that /sbin/dhclient and the processes for a few network services
I run are confined.

So, I'm calling this done, eventually! :)

Next step is to deal with the fallout of removing the dependency on
$remote_fs, as discussed on #782700.

Cheers,
--
intrigeri
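
Added example, not part of the original message: the two checks described above (apparmor.service ordered before networking, and network-facing processes actually confined) written as a POSIX shell script. The function names are hypothetical, the `/proc/<pid>/attr/current` label format is the kernel's AppArmor interface, and the sample `Before=` line used to exercise it is the one quoted in the message.

```shell
#!/bin/sh
# Added example (not from the bug report): helpers to confirm that AppArmor
# profiles are loaded before networking and that a given process is confined.

# unit_ordered_before BEFORE_LINE UNIT
# BEFORE_LINE is the output of: systemctl -p Before show apparmor.service
# Returns 0 if UNIT is listed, 1 if not, 2 if the line is not a Before= property.
unit_ordered_before() {
    case "$1" in
        Before=*) ;;
        *) return 2 ;;
    esac
    # Pad with spaces so only whole unit names match (no substring hits).
    case " ${1#Before=} " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# confinement_of LABEL
# LABEL is the content of /proc/<pid>/attr/current, for example
# "/sbin/dhclient (enforce)" or "unconfined".
confinement_of() {
    case "$1" in
        unconfined)     echo unconfined ;;
        *" (enforce)")  echo enforce ;;
        *" (complain)") echo complain ;;
        *)              echo unknown ;;   # empty, unreadable, or another mode
    esac
}

# check_live PID UNIT...
# Runs both checks on the current system (run as root so the label is readable).
check_live() {
    pid=$1; shift; rc=0
    line=$(systemctl -p Before show apparmor.service) || return 2
    for unit in "$@"; do
        if unit_ordered_before "$line" "$unit"; then
            echo "OK: apparmor.service is ordered before $unit"
        else
            echo "FAIL: apparmor.service is not ordered before $unit"; rc=1
        fi
    done
    label=$(cat "/proc/$pid/attr/current" 2>/dev/null)
    mode=$(confinement_of "$label")
    echo "pid $pid: $mode ${label:+($label)}"
    [ "$mode" = enforce ] || rc=1
    return $rc
}
```

On a live system, `check_live "$(pidof -s dhclient)" networking.service` exits non-zero if the ordering is missing or the process is not running under an enforcing profile.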


