[apparmor] What's the right way to enforce program in systemd service?

Wed Aug 6 00:41:40 UTC 2014

Hi,

I add a few lines in a systemd service, does it look unnecessary to you?
Or should I do all this after system is fully booted, that apply it to
an already running program?

"Use of uninitialized value $ENV{"TERM"} in hash element at
/usr/lib/perl5/vendor_perl/Term/ReadLine/Gnu/XS.pm line 371." This is
quiet annoying though

# systemctl status nscd
● nscd.service - Name Service Cache Daemon
   Loaded: loaded (/etc/systemd/system/nscd.service; enabled)
   Active: active (running) since Wed 2014-08-06 08:34:37 CST; 22s ago
  Process: 2648 ExecStart=/usr/sbin/nscd (code=exited, status=0/SUCCESS)
  Process: 2636 ExecStartPre=/usr/sbin/aa-enforce
/etc/apparmor.d/usr.sbin.nscd (code=exited, status=0/SUCCESS)
 Main PID: 2650 (nscd)
   CGroup: /system.slice/nscd.service
           └─2650 /usr/sbin/nscd

Aug 06 08:34:36 WIN-QK6JOWSFN7 aa-enforce[2636]: Use of uninitialized
value $ENV{"TERM"} in hash element at
/usr/lib/perl5/vendor_perl/Term/ReadLine/Gnu/XS.pm line 371.
Aug 06 08:34:36 WIN-QK6JOWSFN7 aa-enforce[2636]: Setting
/etc/apparmor.d/usr.sbin.nscd to enforce mode.
[ROOT SHELL: ~]

-- 
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33