path: root/apparmor.service
# Ordering and activation conditions for the early-boot AppArmor profile load.
[Unit]
Description=Load AppArmor profiles
# Drop systemd's implicit dependencies (including the default ordering after
# sysinit.target) so this unit can be ordered before sysinit.target below.
DefaultDependencies=no
# Complete before sysinit.target is reached. Services with default
# dependencies are ordered after sysinit.target, so profiles are loaded
# before those services start.
Before=sysinit.target
# Ordering only, no Requires=. Presumably so that AppArmor audit messages
# emitted during the load reach the journal -- confirm.
After=systemd-journald-audit.socket
# Ordering only: wait for /var and /var/lib when they are separate mounts.
# Presumably the helper uses state or cache below /var -- confirm.
After=var.mount var-lib.mount
# The unit is skipped, not failed, when AppArmor is not enabled in the running
# kernel. A skipped unit raises no error, so confirm enforcement with
# aa-status rather than relying on the absence of a failed unit.
ConditionSecurity=apparmor

# Runs the profile loader once. No User= is set, so the helper runs as root.
[Service]
# oneshot: systemd waits for the helper to exit before ordering dependent
# units after this one.
Type=oneshot
# Start and reload both run the helper's 'reload' action.
ExecStart=/usr/lib/apparmor/apparmor.systemd reload
ExecReload=/usr/lib/apparmor/apparmor.systemd reload

# systemd maps 'restart' to 'stop; start'. A real stop action would remove
# AppArmor confinement from running processes, and that confinement could not
# be re-applied to them afterwards.
# Upstream systemd developers refused to implement an option that allows overriding
# this behaviour, therefore ExecStop is made a no-op to err on the safe side.
#
# Consequence: 'systemctl stop' on this unit succeeds but leaves every profile
# loaded, so the unit state does not reflect whether profiles are loaded.
#
# If you really want to unload all AppArmor profiles, run   aa-teardown
ExecStop=/usr/bin/true
# Keep the unit 'active' after the helper exits, so a later restart goes
# through the no-op ExecStop above and then runs ExecStart again.
RemainAfterExit=yes

# 'systemctl enable' hooks this unit into multi-user.target. If the unit is
# disabled or masked, nothing visible in this file loads the profiles at boot.
[Install]
WantedBy=multi-user.target