man apparmor still assumes upstart as init
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
apparmor (Ubuntu) | Confirmed | Medium | Unassigned | |
Bug Description
To reproduce, in a terminal or shell run man apparmor. The section Ubuntu policy load assumes upstart, as in 14.10 and earlier.
The section, copied from the man page, is:
UBUNTU POLICY LOAD
Ubuntu systems use upstart(8) instead of a traditional SysV init system. Because upstart is an event-driven init system and understanding that policy must be loaded before execution, Ubuntu loads
policy in two ways:
1. via upstart jobs for services started during the boot process
2. via the AppArmor upstart job for any remaining policy
The AppArmor upstart job is configured to make sure all policy is loaded before any user sessions start. When developing policy it is important to know how your application is started and if policy
load should be handled specially.
The upstart job may be call with or without arguments, like so:
$ sudo start apparmor
$ sudo start apparmor ACTION=clear # clear policy cache
$ sudo start apparmor ACTION=teardown # unload all policy
$ sudo start apparmor ACTION=reload # reload policy
$ sudo start apparmor ACTION=force-reload # same as 'reload'
Because the job is an upstart(8) task, use 'start apparmor ACTION=teardown' to unload all policy.
In general, nothing extra has to be done for applications not started during boot or those that start after AppArmor's upstart job.
If the confined application has an Upstart job, adjust the job to call /lib/init/
end script
If the confined application does not have an Upstart job but it starts before AppArmor's second stage initscript, then add a symlink from the policy file in /etc/apparmor.d to
$ cd /etc/apparmor/
$ sudo ln -s /etc/apparmor.
The network-
come up very early in the boot process, this will help ensure that AppArmor policy is loaded before the confined application starts.
In addition, AppArmor on Ubuntu stores policy in two places:
1. /etc/apparmor.d for system policy
2. /var/lib/
See apparmor_parser(8) and aa-clickhook(1) for details.
Suggests: apparmor-profiles, apparmor-
apparmor:
Installed: 2.10-0ubuntu6
Candidate: 2.10-0ubuntu6
Version table:
*** 2.10-0ubuntu6 0
500 http://
100 /var/lib/
Description: Ubuntu Wily Werewolf (development branch)
Release: 15.10
I expected to read how Ubuntu policy load works and not how it worked in an old version. Instead I got how it works in 14.10 and earlier and could not read how apparmor policy is loaded. I think this should be updated.
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: apparmor 2.10-0ubuntu6
ProcVersionSign
Uname: Linux 4.2.0-7-generic x86_64
ApportVersion: 2.18.1-0ubuntu1
Architecture: amd64
CurrentDesktop: LXDE
Date: Sat Sep 12 20:44:10 2015
InstallationDate: Installed on 2014-09-30 (347 days ago)
InstallationMedia: Lubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140930)
JournalErrors:
No journal files were found.
-- No entries --
ProcKernelCmdline: BOOT_IMAGE=
SourcePackage: apparmor
UpgradeStatus: Upgraded to wily on 2015-08-07 (36 days ago)
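The quoted man page section rests on one requirement that holds under any init system: policy must be loaded before the confined program executes, otherwise the program keeps running unconfined. The following check is an added example, not part of the bug report or of the AppArmor project's code; it lists processes that run unconfined although a profile named after their executable is loaded. The function names and the sample data are assumptions made for this example.

```python
import os

PROFILES = "/sys/kernel/security/apparmor/profiles"  # kernel's list of loaded profiles

def parse_profiles(text):
    """Turn 'name (mode)' lines from the kernel's profile list into {name: mode}."""
    loaded = {}
    for line in text.splitlines():
        name, sep, mode = line.strip().rpartition(" (")
        if sep and mode.endswith(")"):
            loaded[name] = mode[:-1]
    return loaded

def is_unconfined(label):
    """/proc/<pid>/attr/current holds 'unconfined' or 'name (mode)'."""
    return label.strip("\x00\n ") == "unconfined"

def unconfined_with_profile(loaded, procs):
    """Return (pid, exe) for processes that run unconfined although a profile
    named after their executable path is loaded. Only exact path names are
    matched; glob attachments and named profiles are not resolved."""
    return [(pid, exe) for pid, exe, label in procs
            if exe in loaded and is_unconfined(label)]

def live_processes():
    """Yield (pid, exe, label) from /proc; unreadable processes are skipped."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/attr/current") as fh:
                label = fh.read()
        except OSError:
            continue
        yield int(pid), exe, label

# Constructed sample data (not taken from the bug report).
SAMPLE_PROFILES = "/usr/sbin/cupsd (enforce)\n/usr/sbin/tcpdump (complain)\n"
SAMPLE_PROCS = [
    (812, "/usr/sbin/cupsd", "unconfined\n"),                      # started before policy load
    (940, "/usr/sbin/tcpdump", "/usr/sbin/tcpdump (complain)\n"),  # confined as intended
    (1021, "/bin/bash", "unconfined\n"),                           # no profile exists
]

if __name__ == "__main__":
    if os.access(PROFILES, os.R_OK):      # live check, normally needs root
        with open(PROFILES) as fh:
            loaded, procs = parse_profiles(fh.read()), live_processes()
    else:                                 # fall back to the constructed sample
        loaded, procs = parse_profiles(SAMPLE_PROFILES), SAMPLE_PROCS
    for pid, exe in unconfined_with_profile(loaded, procs):
        print(f"pid {pid}: {exe} is unconfined but a profile is loaded")
```

A process reported here has to be restarted after the profile is loaded before it becomes confined; reloading policy alone does not change the label of a running process.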
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
tags: added: bionic
yep, systemd documentation needs to be added.