From 531d50b7964ea82a7574fecd5d01ad460ba2fe4953cbc4426414a56543e1d7e5 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 12 Apr 2015 21:08:34 +0000 Subject: [PATCH] Accepting request 293870 from home:elvigia:branches:security:apparmor - Add a native systemd unit which *at the moment* only wraps/masks the early boot script. OBS-URL: https://build.opensuse.org/request/show/293870 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=127 --- apparmor.changes | 6 ++++++ apparmor.service | 16 ++++++++++++++++ apparmor.spec | 19 +++++++++++++++---- 3 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 apparmor.service diff --git a/apparmor.changes b/apparmor.changes index 96c8399..2c48515 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 1 03:47:44 UTC 2015 - crrodriguez@opensuse.org + +- Add a native systemd unit which *at the moment* only + wraps/masks the early boot script. + ------------------------------------------------------------------- Tue Feb 24 13:19:10 UTC 2015 - rguenther@suse.com diff --git a/apparmor.service b/apparmor.service new file mode 100644 index 0000000..aabe5f0 --- /dev/null +++ b/apparmor.service @@ -0,0 +1,16 @@ +[Unit] +Description=Load AppArmor profiles +DefaultDependencies=no +Before=sysinit.target +After=systemd-journald-audit.socket +ConditionSecurity=apparmor + +[Service] +Type=oneshot +ExecStart=/etc/init.d/boot.apparmor start +ExecReload=/etc/init.d/boot.apparmor reload +ExecStop=/etc/init.d/boot.apparmor stop +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/apparmor.spec b/apparmor.spec index 24d20aa..44573c5 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -1,7 +1,7 @@ # # spec file for package apparmor # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2011-2014 Christian Boltz # # All modifications and additions to the file contributed by third parties @@ -72,7 +72,7 @@ Source2: %{name}.keyring Source5: update-trans.sh Source6: baselibs.conf Source7: apparmor-rpmlintrc - +Source8: apparmor.service # enable caching of profiles (= massive performance speedup when loading profiles) Patch1: apparmor-enable-profile-cache.diff @@ -151,6 +151,9 @@ BuildRequires: java-devel >= 1.6.0 BuildRequires: tomcat6 %endif +BuildRequires: systemd-rpm-macros +%{?systemd_requires} + %package parser Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -595,6 +598,8 @@ done # remove *.la files rm -fv %{buildroot}%{_libdir}/libapparmor.la +install -D -m0644 %{S:8} %{buildroot}%{_unitdir}/apparmor.service + echo ------------------------------------------------------------------- #find -ls echo ------------------------------------------------------------------- @@ -626,6 +631,7 @@ echo ------------------------------------------------------------------- %else %{_sysconfdir}/init.d/apparmor %endif +%{_unitdir}/apparmor.service %config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf %config(noreplace) %{_sysconfdir}/apparmor/parser.conf %{_localstatedir}/lib/apparmor @@ -636,13 +642,12 @@ echo ------------------------------------------------------------------- %doc %{_mandir}/man5/subdomain.conf.5.gz %doc %{_mandir}/man7/apparmor.7.gz %doc %{_mandir}/man8/apparmor_parser.8.gz -%if %{distro} == "redhat" || %{distro} == "rhel4" %pre parser if [ -f %{_sysconfdir}/init.d/subdomain ] ; then chkconfig --del subdomain fi -%endif +%service_add_pre apparmor.service %files parser-lang -f apparmor-parser.lang @@ -827,6 +832,8 @@ fi fi %endif +%service_add_post apparmor.service + %preun parser if [ "$1" = 0 ] ; then %if %{distro} == "suse" @@ -837,6 +844,8 @@ if [ "$1" = 0 ] ; then %endif fi +%service_del_preun apparmor.service + %postun parser %if %{distro} == "suse" #restart_on_update boot.apparmor - but non-broken (bnc#853019) @@ -851,6 +860,8 @@ fi %{insserv_cleanup} || true %endif +%service_del_postun apparmor.service + %post abstractions %if %{distro} == "suse" #restart_on_update boot.apparmor - but non-broken (bnc#853019)