On 23.05.2016 at 23:33, Michael Biebl wrote:
> 2016-05-23 22:52 GMT+02:00 Christian Boltz <systemd-de...@cboltz.de>:
>> I'd argue that nobody will complain if "systemctl restart apparmor" does
>> something sane (reloading the profiles) instead of making the system
>> insecure by removing the confinement from all running processes ;-)
>
> So, you really want reload here, not restart.
> Since you want to prevent that running systemctl restart apparmor does
> something insecure, using RefuseManualStop=true (as mentioned before),
> sounds like a good solution for your problem.

Since it's a oneshot unit, the whole problem of an existing stop action which would do more harm than good is self-made from the beginning.





_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
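
The unit layout discussed in this thread, sketched as an added example that is not part of the original messages or of the AppArmor packaging. The unit name and the `/usr/local/lib/example/profiles` helper are hypothetical placeholders; `RefuseManualStop=`, `ExecReload=`, `ExecStop=`, `Type=oneshot` and `RemainAfterExit=` are standard systemd unit options.

```ini
# --- Before: example-profiles.service (hypothetical) ---------------------
# A oneshot unit that stays "active" after loading policy. Because it
# defines a stop action, "systemctl restart" runs ExecStop first and
# unloads every profile, removing confinement from running processes.
[Unit]
Description=Load example confinement profiles

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/lib/example/profiles load
ExecStop=/usr/local/lib/example/profiles unload

# --- After: example-profiles.service (hypothetical) ----------------------
# No ExecStop, so nothing in the unit tears the policy down.
# ExecReload gives administrators the operation they actually want
# ("systemctl reload"), and RefuseManualStop=true makes systemd reject
# an explicit "systemctl stop" or "systemctl restart" from a user.
# Stops pulled in through dependencies (e.g. at shutdown) are still allowed.
[Unit]
Description=Load example confinement profiles
RefuseManualStop=true

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/lib/example/profiles load
ExecReload=/usr/local/lib/example/profiles reload
```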
