On Mon, 2015-06-15 at 12:32 +0200, Stephan Kulow wrote:
On 15.06.2015 12:22, Dimstar / Dominique Leuenberger wrote:
On Mon, 2015-06-15 at 12:16 +0200, Christian Boltz wrote:
Hello,
AppArmor has a preset "enable by default" (in the separate systemd- presets-branding-openSUSE), but unfortunately the AppArmor package gets installed before systemd-presets-branding-openSUSE gets installed.
The result is: AppArmor doesn't get enabled :-( (see also https://bugzilla.opensuse.org/show_bug.cgi?id=931792 )
Can someone recommend a solution for this, or do I need to add a "systemctl enable apparmor.service" in %post?
I'd think that would be the wrong approach.... but that's my gut feeling.
What about something like this in apparmor's post script:
%post if [ "$1" = "1" ]; then # This is a fresh install, not an update... systemctl preset apparmor.service # Set the service enable/disable as per distribution preset fi
This should be ess surprising in all cases, and if the preset ever changes, this would not even need to be changed, and still do the right thing on a new package install
If we do this, what's the purpose of the systemd-presets-branding-openSUSE ? Shouldn't apparmor require it directly or indirectly?
Greetings, Stephan
The idea wouldn't work anyway - as apparmor is installed prior to the
preset package and thus can't read the default.
Probably the only way around this would be to require(post) the systemd
-preset-branding package, ensuring it is there during post script
execution of apparmor (and other packages installing service files).
Dominique
--
Dimstar / Dominique Leuenberger