With the current AppArmor code, running the AppArmor init script right after mountall is the best solution. A feature on the AppArmor wish list is extremely early init.
The current plans are to have apparmor initialize as early as possible, at the security_initcall level instead of module_init level if apparmor is builtin. And, whether builtin or the module was loaded in the initrd, to allow apparmor to load an initial policy out of the initrd. Subsequent reloads of policy could be done and would come from the standard profile storage. This allows for AppArmor to do early init but have minimal policy stored in the initrd.

--
Profiles not applied to running processes when AppArmor is started
https://bugs.launchpad.net/bugs/116624
