On Monday, 19 December 2011 at 21:20 +0100, Christian Boltz wrote:
Hello,
On Saturday, 17 December 2011, Cristian Rodríguez wrote:
On 18/12/11 13:53, Christian Boltz wrote:
Now tell me how to do this in a *.service file without using a script (extremely simplified version of loading the AppArmor profiles):
    ls -1 /etc/apparmor.d/ | grep -Ev 'rpmnew$|rpmold$' | \
    while read profile ; do
        apparmor_parser "/etc/apparmor.d/$profile"
    done
I guess apparmor_parser can by itself exclude backup files and provide recursion no ?
AFAIK it can't - the current initscript loads one profile after the other. It might sound like a disadvantage, but OTOH it allows to selectively load or reload a single profile manually.
To name another example: check the current (quite verbose) output of "rcapparmor status". How can this (running the "aa-status" command) be done with systemd when someone checks the status? I know about ExecStart, ExecReload and ExecStop, but I don't see something like ExecStatus in systemd.service(5).
You probably know that there is nothing like a permanently running AppArmor process, so looking up the status somewhere in the process table ("is the started process still running?") is impossible. I also don't like the idea to rely on "we loaded the profiles, so they must still be there" because someone could have unloaded them manually.
Back to my question - how can this be handled in a *.service file?
It can't. systemctl status foo.service is supposed to return an error code (and some systemd text output), in a standard form and that's it.
rc* SUSE-ish shouldn't rely on initscript "status" command to output anything but the "standard" form. Additional commands should be used instead.
See http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities
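
The two points discussed in this thread, as an added example that is not part of the original messages or of any distribution's initscript: a helper that a unit's ExecStart= could call to load profiles one by one while skipping RPM backup files, and a separate status command that reads the kernel's loaded-profile list instead of assuming the profiles are still there. The function names and the PROFILE_DIR, PARSER and LOADED variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Variable and function names are assumptions for illustration.
PROFILE_DIR="${PROFILE_DIR:-/etc/apparmor.d}"
PARSER="${PARSER:-apparmor_parser}"
# securityfs file listing the profiles the kernel currently holds (root-readable)
LOADED="${LOADED:-/sys/kernel/security/apparmor/profiles}"

# Print loadable profile files, skipping RPM backup copies and subdirectories.
list_profiles() {
    for f in "$PROFILE_DIR"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.rpmnew|*.rpmold) continue ;;
        esac
        printf '%s\n' "$f"
    done
}

# Load profiles one at a time; keep going after a failure, return 1 if any failed.
load_profiles() {
    list_profiles | (
        rc=0
        while IFS= read -r p; do
            $PARSER "$p" || { echo "failed to load $p" >&2; rc=1; }
        done
        exit "$rc"
    )
}

# Report from kernel state rather than "we loaded them earlier".
# Prints the number of loaded profiles; returns 3 (LSB "not running") if none.
status_profiles() {
    [ -r "$LOADED" ] || { echo 0; return 3; }
    n=$(grep -c . "$LOADED" || true)
    echo "$n"
    [ "$n" -gt 0 ] || return 3
}

case "${1:-}" in
    load)   load_profiles ;;
    status) status_profiles ;;
esac
```

Because the status check is its own command, it stays usable by hand even though systemctl status only reports the unit's standard state.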