diff --git a/cmd/prebuild/main.go b/cmd/prebuild/main.go
index 2ebd2c22..f7767c63 100644
--- a/cmd/prebuild/main.go
+++ b/cmd/prebuild/main.go
@@ -47,6 +47,8 @@ func aaPrebuild() error {
 if full {
 prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
+ } else {
+ prebuild.Prepares = append(prebuild.Prepares, prebuild.SetDefaultSystemd)
 }
 if complain {
 prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go
index 2ed9e362..20c9d9be 100644
--- a/pkg/prebuild/prepare.go
+++ b/pkg/prebuild/prepare.go
@@ -173,6 +173,11 @@ func SetFlags() error {
 return nil
 }
+// Set systemd unit drop in files to ensure some service start after apparmor
+func SetDefaultSystemd() error {
+ return copyTo(paths.New("systemd/default/"), Root.Join("systemd"))
+}
+
 // Set AppArmor for (experimental) full system policy.
 // See https://apparmor.pujol.io/development/structure/#full-system-policy
 func SetFullSystemPolicy() error {
diff --git a/pkg/prebuild/tools.go b/pkg/prebuild/tools.go
index 68878873..f0df64ba 100644
--- a/pkg/prebuild/tools.go
+++ b/pkg/prebuild/tools.go
@@ -71,6 +71,9 @@ func copyTo(src *paths.Path, dst *paths.Path) error {
 return err
 }
 destination = dst.JoinPath(destination)
+ if err := destination.Parent().MkdirAll(); err != nil {
+ return err
+ }
 if err := file.CopyTo(destination); err != nil {
 return err
 }
diff --git a/systemd/system/haveged.service b/systemd/default/system/haveged.service
similarity index 100%
rename from systemd/system/haveged.service
rename to systemd/default/system/haveged.service
diff --git a/systemd/system/multipathd.service b/systemd/default/system/multipathd.service
similarity index 100%
rename from systemd/system/multipathd.service
rename to systemd/default/system/multipathd.service
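Review bot: In cmd/prebuild/main.go, the new `else` branch of `if full` in aaPrebuild means `prebuild.SetDefaultSystemd` runs only when `full` is false, and nothing visible in this diff shows that `prebuild.SetFullSystemPolicy` installs an equivalent set of `After=apparmor.service` drop-ins. If it does not, a full-policy build would ship without that ordering, and the affected services could presumably start before their profiles are loaded. A short comment on the branch would record the intent, for example `// full mode installs its own systemd drop-ins in SetFullSystemPolicy; otherwise copy systemd/default/`, if that is indeed the case. aaPrebuild's body starts and ends outside the hunk.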
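Review bot: The doc comment on SetDefaultSystemd in pkg/prebuild/prepare.go does not start with the function name and does not say why the ordering matters. Something like `// SetDefaultSystemd copies the drop-in files under systemd/default/ into Root.Join("systemd") so that the listed units are ordered After=apparmor.service.` follows the Go convention. A second sentence could note that a unit started before apparmor.service presumably runs without its profile attached. The source path `paths.New("systemd/default/")` is relative, so the function appears to depend on being run from the repository root, which is worth stating in the comment as well.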
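Review bot: Both the new `return err` after `destination.Parent().MkdirAll()` and the existing one after `file.CopyTo(destination)` in copyTo (pkg/prebuild/tools.go) hand back the raw error, so a failure while copying a nested tree does not say which path was involved. Wrapping it, e.g. `return fmt.Errorf("create %s: %w", destination.Parent(), err)`, would make a failed build traceable to a file; this assumes `fmt` is available in the file, which the hunk does not show. A one-line comment that the parent is created because `destination` can sit in a subdirectory that does not exist yet would also help the next reader. copyTo's body starts and ends outside the hunk.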
diff --git a/systemd/system/pcscd.service b/systemd/default/system/pcscd.service
similarity index 100%
rename from systemd/system/pcscd.service
rename to systemd/default/system/pcscd.service
diff --git a/systemd/system/systemd-journald.service b/systemd/default/system/systemd-journald.service
similarity index 100%
rename from systemd/system/systemd-journald.service
rename to systemd/default/system/systemd-journald.service
diff --git a/systemd/system/systemd-networkd.service b/systemd/default/system/systemd-networkd.service
similarity index 100%
rename from systemd/system/systemd-networkd.service
rename to systemd/default/system/systemd-networkd.service
diff --git a/systemd/system/systemd-timesyncd.service b/systemd/default/system/systemd-timesyncd.service
similarity index 100%
rename from systemd/system/systemd-timesyncd.service
rename to systemd/default/system/systemd-timesyncd.service
diff --git a/systemd/default/system/systemd-userdbd.service b/systemd/default/system/systemd-userdbd.service
new file mode 100644
index 00000000..cd284057
--- /dev/null
+++ b/systemd/default/system/systemd-userdbd.service
@@ -0,0 +1,2 @@
+[Unit]
+After=apparmor.service
\ No newline at end of file
diff --git a/systemd/user/org.freedesktop.IBus.session.GNOME.service b/systemd/default/user/org.freedesktop.IBus.session.GNOME.service
similarity index 100%
rename from systemd/user/org.freedesktop.IBus.session.GNOME.service
rename to systemd/default/user/org.freedesktop.IBus.session.GNOME.service