Incomplete AppArmor rc script dependencies
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apparmor (Ubuntu) |
Fix Released
|
Low
|
Kees Cook | ||
Bug Description
Binary package hint: apparmor
AppArmor declares not to depend on any other rc scripts. From /etc/init.
-- 8< --
### BEGIN INIT INFO
# Provides: apparmor
# Required-Start:
# Required-Stop:
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: AppArmor initialization
# Description: AppArmor rc file. This rc script inserts the apparmor
# module and runs the parser on the /etc/apparmor.d/
# directory.
### END INIT INFO
-- 8< --
Unfortunately, this is not quite correct as AppArmor depends on the availability of a writable temp directory (otherwise the rc script will fail to initialize apparmor correctly), so all file systems have to be mounted rw before apparmor can be initialized.
I'd therefore like to propose to change the start dependencies to:
# Required-Start: mountall
| Kees Cook (kees) wrote | #1 |
| Changed in apparmor (Ubuntu): | |
| assignee: | nobody → Kees Cook (kees) |
| importance: | Undecided → Low |
| status: | New → Fix Committed |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in apparmor (Ubuntu): | |
| status: | Fix Committed → Fix Released |
Thanks for the suggestion. I've added mountall and umountfs to Start/Stop now.