[apparmor] [patch] systemd support in rc.apparmor.functions (apparmor-securityfs-systemd.patch)

Jeff Mahoney jeffm at novell.com
Mon Aug 15 12:24:35 UTC 2011


On 08/13/2011 08:21 AM, Christian Boltz wrote:
> Hello,
>
> On Tuesday, 9 August 2011, Steve Beattie wrote:
>> On Mon, Aug 08, 2011 at 11:55:50PM +0200, Christian Boltz wrote:
>>> this openSUSE patch is probably the shortest ;-) and adds systemd
>>> support to rc.apparmor.functions
>>
>> Acked-By: Steve Beattie <sbeattie at ubuntu.com> though an explanatory
>> comment would be useful as to explaining why testing for the
>> existence of the ${SECURITYFS} location in a systemd world might be
>> useful. (I think I know the reason, but would like verification.)
>
> Unfortunately I don't know the reason, therefore I committed it without a
> comment ;-)

Hi Steve -

The test for existence serves a dual purpose. The first is that 
accessing it will cause systemd to automount it. Then the result of the 
test will provide the answer for whether it's mounted.

The changelog entry in our package reads as:
- Add apparmor-securityfs-systemd.patch: do not mount securityfs
   when running under systemd, just access the directory, systemd
   will automount it (bnc#704460).

It should've been in the patch header. I'll have to be more diligent 
about scanning for that when accepting contributions.

-Jeff

> Jeff or Steve, if you provide a comment/explanation, I'll happily add
> it.
>
> BTW: Steve, your mails took several days to be delivered. Is this a
> known problem on your side or something that needs to be checked?
>
>>> --- a/parser/rc.apparmor.functions
>>> +++ b/parser/rc.apparmor.functions
>>> @@ -295,7 +295,7 @@ is_apparmor_loaded() {
>>>
>>>   }
>>>
>>>   is_securityfs_mounted() {
>>>
>>> -	grep -q securityfs /proc/filesystems&&  grep -q securityfs
>>> /proc/mounts
>>> +	test -d ${SECURITYFS} -a -d /sys/fs/cgroup/systemd
>>> || grep -q securityfs /proc/filesystems&&  grep -q securityfs
>>> /proc/mounts
>>>
>>>   	return $?
>>>
>>>   }
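
Review bot: In the added `test -d ${SECURITYFS} -a -d /sys/fs/cgroup/systemd || grep ... && grep ...` line of is_securityfs_mounted(), `||` and `&&` have equal precedence in sh and group left to right, so the line evaluates as `(test ... || grep -q securityfs /proc/filesystems) && grep -q securityfs /proc/mounts`. When the systemd test succeeds, the /proc/mounts grep still runs and its status is what `return $?` reports. If the directory test is meant to be sufficient on its own under systemd, group the fallback explicitly, for example `test ... || { grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts; }`. Also quote `"${SECURITYFS}"` so an empty value or one containing spaces cannot change how test parses its arguments, prefer two test calls joined with `&&` over the obsolescent `-a`, and add a comment saying that the directory access is there to trigger the systemd automount, since the line does not convey that by itself.
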
>
>
> Regards,
>
> Christian Boltz


-- 
Jeff Mahoney
SUSE Labs
