AppArmor and Upstart
Scott James Remnant
scott at netsplit.com
Thu Dec 22 21:37:27 UTC 2011
On Wed, Dec 21, 2011 at 11:52 AM, Jamie Strandboge <jamie at canonical.com>wrote:
> We could make the apparmor helper for upstart an integral part of
> Upstart such that when a job is started, Upstart automatically loads
> policy for the executable. This is an interesting option, but seems to
> require considerable work. It solves the non-discoverability problem as
> well as time on distribution integration work, but does not obviate the
> need for the second stage.
>
>
This need not be an integral part, and can be accomplished with a simple
job:
start on starting
# note no job name, we get that as $JOB in our script
task
pre-start exec test -f /etc/apparmor.d/cache/$JOB
exec apparmor-stuff
This will be run for every job started by Upstart, and block each one until
complete
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/upstart-devel/attachments/20111222/8baf5fc5/attachment.html>
More information about the upstart-devel
mailing list