]> git.ipfire.org Git - thirdparty/systemd.git/commit - src/core/main.c
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d689f0f) | patch
AppArmor: Support for loading a set of pre-compiled profiles at startup time
authorYmrDtnJu <YmrDtnJu@users.noreply.github.com>
Mon, 25 May 2020 08:46:54 +0000 (10:46 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 9 Jun 2020 18:27:47 +0000 (20:27 +0200)
commit2ffadd3ceee3abcb339d3ec08a11238794d42d24
treeb577229f2694e571fedeabce40f07f597bae5f29tree | snapshot
parentd689f0f20aba32fd1b99330f032a6a343d0e2ab5commit | diff
AppArmor: Support for loading a set of pre-compiled profiles at startup time

Let systemd load a set of pre-compiled AppArmor profile files from a policy
cache at /etc/apparmor/earlypolicy. Maintenance of that policy cache must be
done outside of systemd.

After successfully loading the profiles systemd will attempt to change to a
profile named systemd.

If systemd is already confined in a profile, it will not load any profile files
and will not attempt to change it's profile.

If anything goes wrong, systemd will only log failures. It will not fail to
start.
meson.build diff | blob | blame | history
src/core/apparmor-setup.c [new file with mode: 0644] blob
src/core/apparmor-setup.h [new file with mode: 0644] blob
src/core/main.c diff | blob | blame | history
src/core/meson.build diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.