AppArmor Profile Repositories

Contents

3.1. Using the Local Repository
3.2. Using the External Repository

AppArmor ships a set of profiles enabled by default and created by the AppArmor developers and kept under the /etc/apparmor.d. In addition to these profiles, openSUSE ships profiles for individual applications together with the respective application. These profiles are not enabled by default and reside under another directory than the standard AppArmor profiles, /etc/apparmor/profiles/extras.

AppArmor also supports the use of an external profile repository. This repository is maintained by Novell and allows you to download profiles generated by Novell and other AppArmor users as well as uploading your own. Find the profile repository at http://apparmor.opensuse.org.

Using the Local Repository

The AppArmor tools, both YaST and aa-genprof and aa-logprof, support the use of a local repository. Whenever you start to create a new profile from scratch and there already is one inactive profile in your local repository, you are asked whether you would like to use the existing inactive one from /etc/apparmor/profiles/extras and whether you want to base your efforts on it. If you decide to use this profile, it gets copied over to the directory of profiles enabled by default (/etc/apparmor.d) and loaded whenever AppArmor is started. Any further further adjustments will be done to the active profile under /etc/apparmor.d.