Seth, the service starts fine if snapd is not installed and the mountpoint is not present.
$ sudo systemctl status apparmor
● apparmor.service - Load AppArmor profiles
Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2020-04-08 07:05:57 CDT; 3min 9s ago
Docs: man:apparmor(7)
      https://gitlab.com/apparmor/apparmor/wikis/home/
Process: 309 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=0/SUCCESS)
Main PID: 309 (code=exited, status=0/SUCCESS)
Apr 08 07:05:58 sec-focal-amd64 apparmor.systemd[309]: Restarting AppArmor
Apr 08 07:05:58 sec-focal-amd64 apparmor.systemd[309]: Reloading AppArmor profiles
Apr 08 07:05:58 sec-focal-amd64 apparmor.systemd[320]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Apr 08 07:05:58 sec-focal-amd64 apparmor.systemd[325]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Warning: journal has been rotated since unit was started, output may be incomplete.
The service is not delayed on boot:
$ sudo systemd-analyze critical-chain apparmor.service
The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.
apparmor.service +183ms
└─local-fs.target @526ms
  └─run-user-125-gvfs.mount @6.196s
    └─run-user-125.mount @5.831s
      └─local-fs-pre.target @526ms
        └─keyboard-setup.service @195ms +330ms
          └─systemd-journald.socket @173ms
            └─system.slice @170ms
              └─-.slice @170ms
Compare this with before snapd was removed:
$ sudo systemd-analyze critical-chain apparmor.service
The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.
apparmor.service +278ms
└─local-fs.target @1.073s
  └─run-user-125-gvfs.mount @10.509s
    └─run-user-125.mount @9.900s
      └─local-fs-pre.target @756ms
        └─keyboard-setup.service @369ms +386ms
          └─systemd-journald.socket @334ms
            └─system.slice @329ms
              └─-.slice @329ms
The systemd documentation (https://www.freedesktop.org/software/systemd/man/systemd.unit.html) says:
"RequiresMountsFor: Takes a space-separated list of absolute paths. Automatically adds dependencies of type Requires= and After= for all mount units required to access the specified path."
Furthermore, I read the systemd code and for each RequiresMountsFor entry, it will start with the entry, then see if there are mount entries for each path going up to '/', only adding the Requires and After if there is a .mount unit (that it may have synthesized from /etc/fstab) for this path. Eg:
snapd is not installed, systemd will:
* check if /var/lib/snapd/apparmor/profiles .mount entry exists. no, so do nothing
* check if /var/lib/snapd/apparmor .mount entry exists. no, so do nothing
* check if /var/lib/snapd .mount entry exists. no, so do nothing
* check if /var/lib .mount entry exists. no, so do nothing
* check if /var .mount entry exists. no, so do nothing
* check if / .mount entry exists. yes, so add this (will be satisfied by local-fs.target)
snapd is installed with no zfs-on-root, systemd will:
* check if /var/lib/snapd/apparmor/profiles .mount entry exists. no, so do nothing
* check if /var/lib/snapd/apparmor .mount entry exists. no, so do nothing
* check if /var/lib/snapd .mount entry exists. no, so do nothing
* check if /var/lib .mount entry exists. no, so do nothing
* check if /var .mount entry exists. no, so do nothing
* check if / .mount entry exists. yes, so add this (will be satisfied by local-fs.target)
snapd is installed with zfs-on-root, systemd will:
* check if /var/lib/snapd/apparmor/profiles .mount entry exists. no, so do nothing
* check if /var/lib/snapd/apparmor .mount entry exists. no, so do nothing
* check if /var/lib/snapd .mount entry exists. no, so do nothing
* check if /var/lib .mount entry exists. yes, so add this
* check if /var .mount entry exists. no, so do nothing
* check if / .mount entry exists. yes, so add this (will be satisfied by local-fs.target)
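
Added example, not part of the comment above and not systemd code: a small model of the RequiresMountsFor= prefix walk the comment describes, run over its three scenarios. The sets of existing mount units are constructed for illustration, and the unit-name escaping is a simplification (an assumption) that only handles '/' and literal '-'.

```python
"""Model of the RequiresMountsFor= prefix walk (illustration only)."""


def path_prefixes(path):
    """Yield the path itself, then each parent directory, ending with '/'."""
    parts = [p for p in path.split("/") if p]
    for n in range(len(parts), 0, -1):
        yield "/" + "/".join(parts[:n])
    yield "/"


def mount_unit_name(path):
    """Simplified systemd path escaping: '/' -> '-', literal '-' -> '\\x2d'."""
    trimmed = path.strip("/")
    if not trimmed:
        return "-.mount"  # the root file system
    segments = (seg.replace("-", "\\x2d") for seg in trimmed.split("/"))
    return "-".join(segments) + ".mount"


def mount_dependencies(required_path, known_mount_units):
    """Mount units that would gain Requires=/After=, deepest prefix first.

    A prefix contributes a dependency only if a .mount unit for it exists.
    """
    candidates = (mount_unit_name(p) for p in path_prefixes(required_path))
    return [unit for unit in candidates if unit in known_mount_units]


# Path from the comment; the unit sets below are constructed sample data.
SNAPD_PROFILES = "/var/lib/snapd/apparmor/profiles"
SCENARIOS = {
    "snapd not installed": {"-.mount"},
    "snapd, no zfs-on-root": {"-.mount"},
    "snapd, zfs-on-root": {"-.mount", "var-lib.mount"},
}


def report():
    """Map each scenario name to the mount units apparmor.service waits for."""
    return {name: mount_dependencies(SNAPD_PROFILES, units)
            for name, units in SCENARIOS.items()}


if __name__ == "__main__":
    for name, deps in report().items():
        print(f"{name}: Requires=/After= {' '.join(deps)}")
```

On a live system, `systemctl list-units --type=mount --all` shows the mount units that actually exist and can replace the constructed sets.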