[pkg-apparmor] Bug#923367: Bug#923367: AppArmor: Profile for journald

Seth Arnold seth.arnold at canonical.com
Fri Mar 8 00:42:13 GMT 2019


On Thu, Mar 07, 2019 at 09:41:40PM +0100, intrigeri wrote:
> I would suggest trying to use the AppArmorProfile= directive in the
> journald unit. I suspect it'll fail because some other stuff (normally
> set up by apparmor.service) is not ready yet at the time journald
> starts, but it'll be interesting to know what that stuff is and

You could try amending the systemd unit file in question with:

ExecStartPre=apparmor_parser --replace /etc/apparmor.d/<path_to_journald_profile>

Perhaps in case the profile may not exist and you still want the journal
service to start:

ExecStartPre=-apparmor_parser --replace ...

When the full apparmor.service unit runs, it'll try to load that profile
from the binary cache, and the kernel will notice it's unchanged and skip
further processing. So this shouldn't affect boot speed all that much.

Of course if the journal service is started before the necessary
filesystems are mounted, that's something else.

Thanks