Comment 3 for bug 1305108

Jamie Strandboge (jdstrand) wrote:

FYI, anecdotally (much more testing needs to be performed) using this upstart job and setting network-interface-security and click-apparmor jobs to 'manual' (see description), I can see:
# the network-interface-security job did not start:
$ sudo initctl list|grep security
network-interface-security stop/waiting
$ ls /run/network-interface-security
ls: cannot access /run/network-interface-security: No such file or directory

# click-apparmor did not start
$ sudo initctl list|grep click-apparmor
click-apparmor stop/waiting

All policy is loaded before confined apps are started:
$ sudo aa-status
apparmor module is loaded.
128 profiles are loaded.
128 profiles are in enforce mode.
...
0 profiles are in complain mode.
32 processes have profiles defined.
32 processes are in enforce mode.
   /sbin/dhclient (2548)
   /usr/lib/firefox/firefox{,*[^s][^h]} (3864)
   /usr/lib/telepathy/mission-control-5 (3172)
   /usr/sbin/avahi-daemon (1305)
   /usr/sbin/avahi-daemon (1310)
   /usr/sbin/cups-browsed (1730)
   /usr/sbin/cupsd (3423)
   ...
   /usr/sbin/dnsmasq (2415)
   /usr/sbin/libvirtd (1742)
   /usr/sbin/nrpe (1678)
   /usr/sbin/ntpd (2983)
   /usr/sbin/rsyslogd (1287)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.