[pkg-apparmor] Bug#796589: apparmor: Has init script in runlevel S but no matching service file

intrigeri intrigeri at debian.org
Fri Jun 24 09:00:03 UTC 2016


Hi,

Felipe Sateler wrote (06 Jun 2016 23:49:46 GMT) :
> Please find attached a unit that wraps the currently existing init
> script.

Thanks! I've integrated something along these lines and expect I'll
upload today.

> Proper integration (which I understand is being worked on) can
> be added later.

I'm not sure what's the exact status of that WIP, but indeed there
have been some discussions.

> I added a RequiresMountsFor=/var/lib because the init script tries to
> read and write to /var. Unfortunately, because /var can be
> remote-mounted, this can cause a dependency loop if the network is
> brought up later in the boot process (i.e., by a service with
> DefaultDependencies=yes). Thus we cannot reasonably restrict apparmor
> to start Before=sysinit.target without possibly introducing dependency
> loops. If the /var dependency is optional,

Good catch, I had missed it!

I've made this dependency optional (not pushed to Vcs-Bzr yet though).

> then please drop the
> RequiresMountsFor, and add Before=sysinit.target so that all normal
> services start properly contained.

Done locally.

> Also, apparmor init script is not stopped on shutdown (and thus I did
> not add a Conflicts on shutdown.target), you might want to consider
> dropping the ExecStop in that case.

What would it buy us to drop ExecStop? Even though the service is not
stopped on shutdown (that's on purpose), it may be useful to support
manual "systemctl stop apparmor.service".

Cheers,
--
intrigeri
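
The unit layout discussed in this message, as an added sketch: it is neither the unit Felipe attached nor the one uploaded to Debian. The init script path /etc/init.d/apparmor, the Description text and the [Install] target are assumptions.

```ini
# apparmor.service -- illustrative sketch, not the packaged unit.

[Unit]
Description=AppArmor initialization (wraps the existing init script)

# DefaultDependencies=yes would implicitly add After=sysinit.target and
# Conflicts=shutdown.target to a service unit. The first contradicts the
# ordering below; the second would stop the service on shutdown, which
# is intentionally not done.
DefaultDependencies=no

# Load profiles before sysinit.target so that all normal services
# start already confined.
Before=sysinit.target

# Deliberately absent, because the /var dependency is now optional:
#   RequiresMountsFor=/var/lib
# With a remote-mounted /var, that line orders this unit after the
# network. A network service with DefaultDependencies=yes is itself
# ordered after sysinit.target, so combining it with
# Before=sysinit.target produces an ordering cycle.

[Service]
Type=oneshot
RemainAfterExit=yes
# Assumed path of the init script being wrapped.
ExecStart=/etc/init.d/apparmor start
# Kept so that a manual "systemctl stop apparmor.service" still works.
ExecStop=/etc/init.d/apparmor stop

[Install]
# Assumed install target.
WantedBy=sysinit.target
```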


