AppArmor ships a set of profiles enabled by default and created by the AppArmor
developers and kept under the /etc/apparmor.d
. In
addition to these profiles,
openSUSE
ships profiles for individual applications together with the respective
application. These profiles are not enabled by default and reside under
another directory than the standard AppArmor profiles,
/etc/apparmor/profiles/extras
.
AppArmor also supports the use of an external profile repository. This repository is maintained by Novell and allows you to download profiles generated by Novell and other AppArmor users as well as uploading your own. Find the profile repository at http://apparmor.opensuse.org.
The AppArmor tools, both YaST and aa-genprof and aa-logprof, support the
use of a local repository. Whenever you start to create a new profile
from scratch and there already is one inactive profile in your local
repository, you are asked whether you would like to use the existing
inactive one from /etc/apparmor/profiles/extras
and
whether you want to base your efforts on it. If you decide to use this
profile, it gets copied over to the directory of profiles enabled by
default (/etc/apparmor.d
) and loaded whenever AppArmor
is started. Any further further adjustments will be done to the active
profile under /etc/apparmor.d
.