Le vendredi 21 février 2014 à 03:48 +0100, Lennart Poettering a écrit : > On Thu, 20.02.14 16:19, m...@zarb.org (m...@zarb.org) wrote: > > > From: Michael Scherer <m...@zarb.org> > > > > This permit to switch to a specific apparmor profile when starting a > > daemon. This > > will result in a non operation if apparmor is disabled. > > It also add a new build requirement on libapparmor for using this > > feature. > > Applied! I made some changes though, there were some missing > bits to make sure the config hookup works correctly. I don't have any > apparmor available though. Could you check if everything works > correctly?
I will, I do have a opensuse VM for that, and I think intrigeri in CC, likely does too. > I figure the only missing bit to get apparmor up to the same level of > support in systemd as SELinux, SMACK and IMA have would be policy > uploading during early boot. Yeah, but this requires call to a external binary, I was wondering is using some unit wouldn't be enough. Upstart also do provides a way to load a policy specificied in a job, which is maye something we could support, like on demand module loading for selinux . What do people think about it ? ( for on demand loading of profile/module ) -- Michael Scherer _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
