/etc/init/network-interface-security.conf is in ifupdown 0.7.47.2ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | # network-interface-security - configure network device security
#
# This is a one-time start-up script to load AppArmor profiles needed
# before the network comes up.
description "configure network device security"
# In order to avoid upstart bug LP: #447654, we cannot have an AND
# statement here (with the ORs). An "and virtual-filesystems" is desired
# here to make sure that the securityfs is mounted, but since each of the
# ORed services already require virtual-filesystems be mounted, this is safe:
start on (starting network-interface
or starting network-manager
or starting networking)
stop on (stopped network-interface JOB=$JOB INTERFACE=$INTERFACE
or stopped network-manager JOB=$JOB
or stopped networking JOB=$JOB)
# In order to handle the lack of upstart feature LP: #568860, we need to
# run multiple times, for each of the above "starting" service instances, or
# else another one might run while we're running, and not wait for us to
# finish.
instance $JOB${INTERFACE:+/}${INTERFACE:-}
# Since we need these profiles to be loaded before any of the above services
# begin running, this service must be a pre-start so that its pre-start
# script finishes before the above services' start scripts begin.
pre-start script
[ -f /run/network-interface-security ] && exit 0 # already ran
[ -d /rofs/etc/apparmor.d ] && exit 0 # do not load on liveCD
[ -d /sys/module/apparmor ] || exit 0 # do not load without AppArmor
[ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
for link in /etc/apparmor/init/network-interface-security/* ; do
[ -L $link ] && /sbin/apparmor_parser -r -W $link || true
done
> /run/network-interface-security
end script
|