So at the moment, apparmor starts After=local-fs.target and Before=sysinit.target.
network-interface-security.conf does: start on (starting network-interface or starting network-manager or starting networking) network-interface corresponds to ifup@.service, networking is just the ifupdown init.d script; these two need an After=apparmor.service. NetworkManager.service has DefaultDependencies=yes (the default), thus the ordering there is fine already. It seems to me that adding these two ordering constraints is simpler and potentially also more efficient than running /sbin/apparmor_parser manually? ** Also affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1438249 Title: /sbin/dhclient is unconfined after switch to systemd (aka, equivalent of upstart's network-interface-security.conf not implemented) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1438249/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs