On 12/19/2011 3:20 PM, Christian Boltz wrote:
You probably know that there is nothing like a permanently running AppArmor process, so looking up the status somewhere in the process table ("is the started process still running?") is impossible. I also don't like the idea to rely on "we loaded the profiles, so they must still be there" because someone could have unloaded them manually.
I'm going to have a similar problem with LXC VM's. There is no "service" and yet there is definitely a start and a stop and two necessary forms of status, and that status needs to list the status of individual vm's as well as provide a summary exit value that can inform init (be that sysv or upstart or systemd etc...) when it's ok to finish powering down the host, or not. Saying that lxc is merely "running" or "not running" really makes no sense, but it is useful for the purpose of safe and graceful shutdown of the host to treat "running" as "are any vm's currently running?" If even one is, then do not shut down the host yet, ask that vm to shutdown and wait for it to do so. Do the same for all configured vm's (having recognized config files in a single recognized spot) and don't worry about the possibility of manually created & started vm's, just like you don't worry about the possibility of manually executed instances of vsftpd.
I expect it will be perfectly possible to create a meaningful unit file that takes the place of my rclxc but I am unnerved by reading comments about too-simple assumptions systemd makes. No such thing as any other verbs besides start/stop/status? Gee, what a nice simple world they live in. I do not live in that world. I am hoping it's not really as bad as that.