Bug 157373 - /etc/init.d/boot.apparmor try-restart reloads profiles when apparmor is stopped
Summary: /etc/init.d/boot.apparmor try-restart reloads profiles when apparmor is stopped
Status: RESOLVED WONTFIX
Alias: None
Product: openSUSE 10.3
Classification: openSUSE
Component: AppArmor (show other bugs)
Version: Alpha 1
Hardware: Other Other
: P5 - None : Enhancement (vote)
Target Milestone: ---
Assignee: Steve Beattie
QA Contact: Dominic W Reynolds
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-11 01:18 UTC by Seth R Arnold
Modified: 2008-09-02 18:07 UTC (History)
1 user (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Seth R Arnold 2006-03-11 01:18:51 UTC 
/etc/init.d/boot.apparmor try-restart will load apparmor profiles even if apparmor is in the 'stopped' state:

dhcp-81:/var/log/audit # rcapparmor stop
Shutting down AppArmor Event daemon                                   done
Unloading AppArmor profiles                                           done
dhcp-81:/var/log/audit # rcapparmor try-restart
OWLSM extension not supported by this version of AppArmor.             warning
Reloading AppArmor profiles                                           done
Shutting down AppArmor Event daemon                                   failed
Starting AppArmor Event daemon                                        done
dhcp-81:/var/log/audit # rcapparmor status
apparmor module is loaded.
49 profiles are loaded.
49 profiles are in enforce mode.
0 profiles are in complain mode.
Out of 63 processes running:
0 processes have profiles defined.
0 processes have profiles in enforce mode.
0 processes have profiles in complain mode.
dhcp-81:/var/log/audit #
Comment 1 Dominic W Reynolds 2006-03-15 17:45:06 UTC 
Pending info from dreynolds (passing proposal for new init script to aj/kukuk).
Would like to pull aa-eventd into its own initscript prior to addressing this issue. Will reduce the complexity of this code to decompose the startup of these two programs (apparmor, aa-eventd).
Comment 2 Dominic W Reynolds 2006-03-29 23:19:48 UTC 
try-restart when the module is loaded but policy is not should *not* load policy.
Comment 3 Dominic W Reynolds 2006-04-03 05:14:06 UTC 
Seth can you pick this up? the eventd rework is done.
Comment 4 Seth R Arnold 2006-04-07 22:05:56 UTC 
Yeah. Thankfully, it's a little less pressing; the whole point of wanting try-restart "immediately" was so that the reporting code in yast could easily force the event daemon to reload its configuration file. Splitting it into its own  init script has reduced the need for this feature. (Though it would still be nice to do.)
Comment 5 Seth R Arnold 2007-01-26 01:14:46 UTC 
Move this to openSUSE 10.3, as we don't really intend to release this for older versions. (It'll be a scramble to get it done for 10.3 in fact.)
Comment 6 Steve Beattie 2007-01-30 19:06:27 UTC 
I'll take this bug and see if I can't knock it off. With the inclusion of aa_status, it shouldn't be hard to detect we're in the equivalent of a "stopped" state.
Comment 7 Dominic W Reynolds 2007-08-20 19:27:55 UTC 
Will adress post 10.3
Comment 8 Bugzilla Account Maintenance 2008-09-02 18:07:44 UTC 
Because the LATER and REMIND resolutions have been removed, the resolution of this bug has changed from LATER to WONTFIX. If this bug needs to be reconsidered, reopen it and set a future "Target Milestone for Fix."