Comment 23 for bug 1305108
Revision history for this message
| Steve Langasek (vorlon) wrote Re: [Bug 1305108] Re: please provide upstart job for apparmor | #23 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
On Thu, Jun 12, 2014 at 07:47:09PM -0000, Marc Deslauriers wrote:
> We could make the apparmor job "start on filesystem". We would have to
> modify rc-sysinit to wait for the apparmor job to be done or we may end
> up having services like apache get started before apparmor is loaded.
Currently, rc-sysinit is:
start on (filesystem and static-network-up) or failsafe-boot
Presumably we don't want failsafe-boot (which exists to deal with
misconfigured networks) to bypass apparmor. So this would imply changing
rc-sysinit to:
start on (filesystem and static-network-up and started apparmor) or failsafe-boot
and changing failsafe to:
start on filesystem and net-device-up IFACE=lo and started apparmor
Regarding the previous comment that we're supposed to pretend didn't happen
;), while there won't be any race conditions, we do need to be aware of
possible risks of deadlock. If we expect the apparmor job to be started and
stopped multiple times over the life of the system, it shouldn't directly be
a dependency of jobs like rc-sysinit.