| openSUSE-Dokumentation Novell AppArmor (2.3) Quick Start / 3. AppArmor Command Line Tools | ||||
|---|---|---|---|---|
 | 2. Starting and Stopping AppArmor | 4. Methods of Profiling |  | |
| openSUSE-Dokumentation Novell AppArmor (2.3) Quick Start / 3. AppArmor Command Line Tools | ||||
|---|---|---|---|---|
| 2. Starting and Stopping AppArmor | 4. Methods of Profiling | | |
Guess basic AppArmor profile requirements. autodep creates a stub profile for the program or application examined. The resulting profile is called “approximate” because it does not necessarily contain all of the profile entries that the program needs to be confined properly.
Set an AppArmor profile to complain mode.
Manually activating complain mode (using the command line) adds a flag to the top of the profile so that /bin/foo becomes /bin/foo flags=(complain).
Set an AppArmor profile to enforce mode from complain mode.
Manually activiating enforce mode (using the command line) removes mode flags from the top of the profile /bin/foo flags=(complain) becomes /bin/foo.
Generate or update a profile. When running, you must specify a program
to profile. If the specified program is not an absolute path, genprof
searches the $PATH variable. If a profile does not
exist, genprof creates one using autodep.
Manage AppArmor profiles. logprof is an interactive tool used to review the learning or complain mode output found in the AppArmor syslog entries and to generate new entries in AppArmor profiles.
Output a list of processes with open tcp or udp ports that do not have AppArmor profiles loaded.
