On Thu, 16 Apr 2015 19:25:13 +0200 Christian Boltz <apparmor-deb...@cboltz.de> wrote: > Hello, > > Am Donnerstag, 16. April 2015 schrieb Michael Biebl: > > Or maybe better: > > provide a native .service file, hook that up in sysinit.target and add > > Wants=network-pre.target > > Before=network-pre.target > > to apparmor.service. See man systemd.special > > FYI: I received a service file for openSUSE some weeks ago from a > contributor. Basically it's just a wrapper around the initscript (so > probably not the final solution), but it's a good start nevertheless ;-) > > [Unit] > Description=Load AppArmor profiles > DefaultDependencies=no > Before=sysinit.target > After=systemd-journald-audit.socket > ConditionSecurity=apparmor > > [Service] > Type=oneshot > ExecStart=/etc/init.d/boot.apparmor start > ExecReload=/etc/init.d/boot.apparmor reload > ExecStop=/etc/init.d/boot.apparmor stop > RemainAfterExit=yes > > [Install] > WantedBy=multi-user.target > > > Also let me warn you that systemd comes with some problems for AppArmor: > https://bugzilla.opensuse.org/show_bug.cgi?id=853019 > Basically systemd maps "systemctl restart apparmor" to "stop, then > start", which means the confinement gets removed from running processes. >
That service file looks wrong on many levels. Please don't add that to the Debian package as is.
signature.asc
Description: OpenPGP digital signature
