Am 16.04.2015 um 15:22 schrieb Michael Biebl:
> Hi!
>
> On Thu, 16 Apr 2015 07:56:55 -0500 Martin Pitt <mp...@debian.org> wrote:
>> apparmor's init.d script currently depends on $remote_fs. This is a
>> rather heavy dependency and means that important processes like
>> dhclient or NFS cannot be covered by apparmor as they need to start
>> before. In the extreme case this also means that
>> network-online.target, NetworkManager.service, dbus.service etc. all
>> need to run during early boot ("rcS" in the old sysvinit world), which
>> likely leads to dependency cycles.
>>
>> IMHO $local_fs should suffice as during booting the init.d script does
>> not need much from /usr or /var. The exception is the click package
>> hook processing, but this is only really significant for Ubuntu Touch
>> images (which don't use /usr on NFS). The profile cache has been split
>> into /etc/ and /var for this reason, so that on boot you only need the
>> cache in /etc. The one in /var is only being used for click packages
>> as far as I know.
>>
>> FTR, Ubuntu did that change in
>> https://launchpad.net/ubuntu/+source/apparmor/2.9.1-0ubuntu5
>
> The reason for Martin filing this bug is most likely [1].
>
> While we are that topic, I think it would be better to not pull apparmor
> specifics into ifup@.service and networking.service, but rather have
> apparmor ship a native .service file and specify the correct orderings,
> maybe by hooking up in network-pre.target.Or maybe better: provide a native .service file, hook that up in sysinit.target and add Wants=network-pre.target Before=network-pre.target to apparmor.service. See man systemd.special -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
