Hello, Am Dienstag, 31. März 2015 schrieb Cristian Rodríguez:
I am currently working on a fix for apparmor and on removing the few remaning early boot sysvinit scripts..(this one is the only important left)
After some delays (sorry!), I just requested your SR to security:apparmor an hour ago and added suse_version conditionals so that it only applies to Factory. Unfortunately, I found a problem when testing the packages: https://bugzilla.opensuse.org/show_bug.cgi?id=853019 is back :-( It seems the mapping of restart and try-restart to stop/start instead of passing it through to the initscript also applies to native *.service files. In other words: updating the apparmor-parser package removes the AppArmor protection from running processes :-( How can I fix this? - I'd love to simply add ExecRestart=/etc/apparmor.d/boot.apparmor reload but systemd tells me this option is unknown (would have been too easy) - I could replace the problematic %service_del_postun (which contains a "systemctl try-restart", which maps to stop/start) with a fixed version, even if I'm not too keen to carry another copy of a broken rpm macro - BTW: why doesn't %post not contain a systemctl command to restart the service? - even when the macros are fixed, this still doesn't fix manual calls of systemctl restart apparmor.service - that still removes AppArmor protection from running processes :-( Do you have an idea how I can solve this problem? I'm afraid I can't submit the package to Factory in the current state because it would remove AppArmor protection from running programs (until restarting them or rebooting), so any ideas how I can fix the above problems (ideally without adding another workaround in the package) is more than welcome!
fixing the systemd bug is on the shoulders of people that want this SUSE specific hack to live on and I will not waste my time with it ever again.
<rant> Replacing it with core systemd bugs doesn't make it better :-( </rant> Regards, Christian Boltz -- Die SLES macht ja die gleichen Zicken, dafür kann man sich aber aufgrun der höheren Preises zumindest eines der armen Support-Würstchen greifen und erfahren: "ZEN bietet aber darüber hinaus viele Vorteile.". Grrrr. [Bernd Glueckert in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org