This bug was fixed in the package systemd - 219-6ubuntu1
---
systemd (219-6ubuntu1) vivid; urgency=medium

  * Merge with Debian experimental branch. Remaining Ubuntu changes:
    - Hack to support system-image read-only /etc, and modify files in
      /etc/writable/ instead.
    -
Fixed both dependencies in
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=experimental&id=dd2f43c5bcb
** No longer affects: ifupdown (Ubuntu)
** Changed in: systemd (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a
So just a little more context around this whole split in policy loading.
AppArmor does a check that the cached policy is current and matches to
the kernel before loading and then if not falls back to recompiling
policy. The policy load was split into an early stage
(/etc/apparmor/init) and full
/etc/init/network-interface-security.conf is in ifupdown, so let's put
the corresponding system unit there, too.
** Package changed: systemd (Ubuntu) => ifupdown (Ubuntu)
** Tags added: systemd-boot
As far as historical context for network-interface-security.conf, it is
all about loading the profiles that the symlinks in
/etc/apparmor/init/network-interface-security/* point to in time. Looking at a 14.10
system, I see that there are two things there: sbin.dhclient and
usr.sbin.ntpd. This
it sounds like you are saying that ifup@.service will always run
before networking comes up or NetworkManager.
Not necessarily. We need to make sure that all three run
After=apparmor.service. This is already the case for NetworkManager, but
not the other two.
** Changed in: systemd (Ubuntu)
ifup@.service is shipped by systemd, let's just add the After= there.
** Changed in: systemd (Ubuntu)
Importance: Undecided => High
** Changed in: systemd (Ubuntu)
Status: New => Triaged
** Changed in: systemd (Ubuntu)
Assignee: (unassigned) => Martin Pitt (pitti)
To clarify: even if this introduces a stronger boot ordering than
necessary, it's just a temporary solution until bug 1385414 lands. So
IMHO we should keep this simple.
So at the moment, apparmor starts After=local-fs.target and
Before=sysinit.target.
network-interface-security.conf does:
start on (starting network-interface or starting network-manager or
starting networking)
network-interface corresponds to ifup@.service, networking is just the
ifupdown
Hi Martin - What you've described sounds good to me but I should note
that I'm missing a lot of historical context around the details of the
AppArmor init script. I'd like for Jamie to chime in when he has a
chance.
Also, in regards to comment #4, whatever solution we come up with to fix
this bug