Hello, Am Donnerstag, 16. April 2015 schrieb Michael Biebl: > Or maybe better: > provide a native .service file, hook that up in sysinit.target and add > Wants=network-pre.target > Before=network-pre.target > to apparmor.service. See man systemd.special
FYI: I received a service file for openSUSE some weeks ago from a contributor. Basically it's just a wrapper around the initscript (so probably not the final solution), but it's a good start nevertheless ;-) [Unit] Description=Load AppArmor profiles DefaultDependencies=no Before=sysinit.target After=systemd-journald-audit.socket ConditionSecurity=apparmor [Service] Type=oneshot ExecStart=/etc/init.d/boot.apparmor start ExecReload=/etc/init.d/boot.apparmor reload ExecStop=/etc/init.d/boot.apparmor stop RemainAfterExit=yes [Install] WantedBy=multi-user.target Also let me warn you that systemd comes with some problems for AppArmor: https://bugzilla.opensuse.org/show_bug.cgi?id=853019 Basically systemd maps "systemctl restart apparmor" to "stop, then start", which means the confinement gets removed from running processes. Regards, Christian Boltz -- Whatever, but the purpose of software is to help users, not the other way round. No, developers are not to be considered "users" >:-p [Carlos E. R. in opensuse-factory] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org