On Thu, Jun 12, 2014 at 07:47:09PM -0000, Marc Deslauriers wrote:
> We could make the apparmor job "start on filesystem". We would have to
> modify rc-sysinit to wait for the apparmor job to be done or we may end
> up having services like apache get started before apparmor is loaded.

Currently, rc-sysinit is:

  start on (filesystem and static-network-up) or failsafe-boot

Presumably we don't want failsafe-boot (which exists to deal with
misconfigured networks) to bypass apparmor. So this would imply changing
rc-sysinit to:

  start on (filesystem and static-network-up and started apparmor) or failsafe-boot

and changing failsafe to:

  start on filesystem and net-device-up IFACE=lo and started apparmor

Regarding the previous comment that we're supposed to pretend didn't
happen ;), while there won't be any race conditions, we do need to be aware
of possible risks of deadlock. If we expect the apparmor job to be started
and stopped multiple times over the life of the system, it shouldn't
directly be a dependency of jobs like rc-sysinit.

--
https://bugs.launchpad.net/bugs/1305108

Title:
  please provide upstart job for apparmor
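An added example, not part of the original message or of the Ubuntu packaging: a small Python check that walks the "start on" conditions discussed above and reports whether every path to starting rc-sysinit passes through "started apparmor", following failsafe-boot back to the job that emits it. The EMITS mapping, the unchanged failsafe condition, and left-to-right folding of unparenthesized and/or are assumptions of this example.

```python
import re
# Constructed from the stanzas quoted in the message. The unchanged failsafe
# condition and the EMITS mapping are assumptions, not text from the report.
CURRENT = {
    "rc-sysinit": "(filesystem and static-network-up) or failsafe-boot",
    "failsafe": "filesystem and net-device-up IFACE=lo",
}
PROPOSED = {
    "rc-sysinit": "(filesystem and static-network-up and started apparmor) or failsafe-boot",
    "failsafe": "filesystem and net-device-up IFACE=lo and started apparmor",
}
EMITS = {"failsafe-boot": "failsafe"}
OPS = ("and", "or")

def gated(cond, jobs, target="started apparmor", seen=()):
    """True if every way of satisfying `cond` includes `target`."""
    tokens = re.findall(r"\(|\)|[^\s()]+", cond)
    pos = 0
    def atom():
        nonlocal pos
        if pos < len(tokens) and tokens[pos] == "(":
            pos += 1
            inner = expr()
            pos += 1  # step over the closing ")"
            return inner
        words = []
        while pos < len(tokens) and tokens[pos] not in OPS + ("(", ")"):
            words.append(tokens[pos])
            pos += 1
        if not words:
            raise ValueError("malformed condition: " + cond)
        if " ".join(words) == target:
            return True
        # An event emitted by another job is gated only if that job is.
        emitter = EMITS.get(words[0])
        if emitter in jobs and emitter not in seen:
            return gated(jobs[emitter], jobs, target, seen + (emitter,))
        return False
    def expr():
        nonlocal pos
        result = atom()
        while pos < len(tokens) and tokens[pos] in OPS:
            op = tokens[pos]
            pos += 1
            rhs = atom()
            # "and": one gated side suffices; "or": both sides must be gated.
            result = (result or rhs) if op == "and" else (result and rhs)
        return result
    return expr()
```

Running it with the proposed rc-sysinit but the unchanged failsafe condition returns False, which is why both stanzas have to change together.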
