From d7cc2415eaae9d81dbc511bfb9dc9a9626b58b58 Mon Sep 17 00:00:00 2001
From: Evgeny Egorochkin
Date: Sat, 11 May 2013 08:40:45 +0300
Subject: [PATCH] AppArmor: try converting to a systemd unit
---
 modules/security/apparmor.nix | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/modules/security/apparmor.nix b/modules/security/apparmor.nix
index ec371e55423..51ae40ce326 100644
--- a/modules/security/apparmor.nix
+++ b/modules/security/apparmor.nix
@@ -40,19 +40,26 @@ AppArmor.
 message = "AppArmor is enabled, but the kernel doesn't have AppArmor support"; } ];
- jobs.apparmor =
- { startOn = "startup";
+ environment.systemPackages = [ pkgs.apparmor ];
- path = [ pkgs.apparmor ];
+ systemd.services.apparmor = {
+ #wantedBy = [ "basic.target" ];
+ wantedBy = [ "local-fs.target" ];
+ path = [ pkgs.apparmor ];
- preStart = concatMapStrings (profile: ''
- apparmor_parser -Kv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ ExecStart = concatMapStrings (profile: ''
+ ${pkgs.apparmor}/sbin/apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"
+ '') cfg.profiles;
+ ExecStop = concatMapStrings (profile: ''
+ ${pkgs.apparmor}/sbin/apparmor_parser -Rv "${profile}"
 '') cfg.profiles;
-
- postStop = ''
- '';
 };
+ };
+ };
 }
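Review bot: `ExecStart` and `ExecStop` in `serviceConfig` are each built by `concatMapStrings` into one newline-separated string, but systemd expects a single command per `ExecStart=`/`ExecStop=` line, so with more than one entry in `cfg.profiles` (and probably even with one, because of the trailing newline) the generated unit is likely malformed and the profiles would silently not be loaded. Unless the unit generator splits such strings, run the loop through a shell instead, for example by moving the commands to the service's `script` and `postStop` options, or emit one `ExecStart` entry per profile. Two security-relevant points to confirm as well: `wantedBy = [ "local-fs.target" ]` sets no ordering, so services could start before their profiles are loaded and stay unconfined, and `ExecStop` with `-R` unloads the profiles on every stop or restart of the unit, which leaves already-running confined processes unconfined. The enclosing attribute set starts above the hunk.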