From c40553612618a7b26dfcee52196810004f7c5bf2 Mon Sep 17 00:00:00 2001
From: TomasM <tomas@slax.org>
Date: Sun, 17 Nov 2019 08:58:42 +0000
Subject: [PATCH] Disable apparmor for Slax

---
 .../usr/lib/systemd/system/apparmor.service   | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 Slax/debian10/rootcopy/usr/lib/systemd/system/apparmor.service

diff --git a/Slax/debian10/rootcopy/usr/lib/systemd/system/apparmor.service b/Slax/debian10/rootcopy/usr/lib/systemd/system/apparmor.service
new file mode 100644
index 0000000..a2df76a
--- /dev/null
+++ b/Slax/debian10/rootcopy/usr/lib/systemd/system/apparmor.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=Load AppArmor profiles
+DefaultDependencies=no
+Before=sysinit.target
+After=local-fs.target
+After=systemd-journald-audit.socket
+RequiresMountsFor=/var/cache/apparmor
+AssertPathIsReadWrite=/sys/kernel/security/apparmor/.load
+ConditionSecurity=apparmor
+Documentation=man:apparmor(7)
+Documentation=https://gitlab.com/apparmor/apparmor/wikis/home/
+
+# Don't start this unit on the Ubuntu Live CD
+ConditionPathExists=!/rofs/etc/apparmor.d
+
+# Don't start this unit on the Debian Live CD when using overlayfs
+ConditionPathExists=!/run/live/overlay/work
+
+# Don't start this unit on Slax Live CD
+ConditionPathExists=!/run/initramfs/lib/livekitlib
+
+[Service]
+Type=oneshot
+ExecStart=/lib/apparmor/apparmor.systemd reload
+ExecReload=/lib/apparmor/apparmor.systemd reload
+
+# systemd maps 'restart' to 'stop; start' which means removing AppArmor confinement
+# from running processes (and not being able to re-apply it later).
+# Upstream systemd developers refused to implement an option that allows overriding
+# this behaviour, therefore we have to make ExecStop a no-op to error out on the
+# safe side.
+#
+# If you really want to unload all AppArmor profiles, run   aa-teardown
+ExecStop=/bin/true
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sysinit.target