We could just run profile loading earlier, ahead of remote
filesystems, as an upstart job:

    description "Pre-cache and load apparmor profiles"
    task
    start on local-filesystems and not-container
    script
        . ./lib/apparmor/functions
        [ -w "$AA_SFS"/.load ] || { stop; exit 0; }
        load_configured_profiles
    end script

Also, desktop is a bit too quick to observe the ordering here. But, e.g., it
looks like on ubuntu-touch network-manager is started ahead of loading all
apparmor profiles; the network-manager job does not load profiles for binaries
that it uses, and it can spawn e.g. dhclient, see:
http://people.canonical.com/~ogra/touch-bootcharts/ubuntu-phablet-trusty-283.png
dhclient did not execute ahead of apparmor_profile launched by xargs,
but I think it could on a cold boot, when profiles are regenerated
for all .clicks.
--
https://bugs.launchpad.net/bugs/1298539
Title:
apparmor rcS.d sysv initscript is running too late
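
A check for the ordering problem described in this report, as an added example that is not part of the bug comment or of the apparmor package: it lists processes that run unconfined although a profile named after their executable is now loaded, which is how a dhclient spawned before profile loading would appear. The function name is hypothetical, and it assumes profiles are named after the binary's path; `aa-status` reports the same condition on a live system.

```shell
#!/bin/sh
# Added example: find processes that were started before their AppArmor
# profile was loaded and are therefore still running unconfined.
# Assumption: profiles are named after the executable path (no globs or
# named profiles), e.g. "/sbin/dhclient (enforce)".

# find_unconfined_with_profile [PROC_DIR] [PROFILES_FILE]
# Prints "PID EXE" for every affected process; returns 2 if the list of
# loaded profiles cannot be read (apparmor not enabled or not root).
find_unconfined_with_profile() {
    proc_dir=${1:-/proc}
    profiles=${2:-/sys/kernel/security/apparmor/profiles}
    [ -r "$profiles" ] || { echo "cannot read $profiles" >&2; return 2; }

    for dir in "$proc_dir"/[0-9]*; do
        [ -r "$dir/attr/current" ] || continue
        # The label is either "unconfined" or "<profile> (<mode>)".
        label=$(cat "$dir/attr/current" 2>/dev/null) || continue
        [ "$label" = "unconfined" ] || continue
        # Kernel threads have no exe link; skip them.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        exe=${exe% (deleted)}
        # A loaded profile named exactly after this binary means the
        # process was exec'd before the profile was in the kernel.
        if grep -qFx -e "$exe (enforce)" -e "$exe (complain)" "$profiles"; then
            echo "${dir##*/} $exe"
        fi
    done
}

# Usage (as root, on the booted system): find_unconfined_with_profile
```

Any process it lists has to be restarted to pick up confinement, since loading a profile does not attach it to processes that are already running.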