Editing Profiles

AppArmor enables you to edit Novell AppArmor profiles manually by adding, editing, or deleting entries. To edit a profile, proceed as follows:

  1. Start YaST and select Novell AppArmor → Edit Profile.

    [Figure: Choose the profile to edit]

  2. From the list of profiled applications, select the profile to edit.

  3. Click Next. The AppArmor Profile Dialog window displays the profile.

    [Figure: AppArmor profile dialog]

  4. In the AppArmor Profile Dialog window, add, edit, or delete Novell AppArmor profile entries by clicking the corresponding buttons and referring to Section 4.3.1, “Adding an Entry”, Section 4.3.2, “Editing an Entry”, or Section 4.3.3, “Deleting an Entry”.

  5. When you are finished, click Done.

  6. In the pop-up that appears, click Yes to confirm your changes to the profile and reload the AppArmor profile set.

[Tip] Syntax Checking in AppArmor

AppArmor contains a syntax check that notifies you of any syntax errors in profiles you are trying to process with the YaST AppArmor tools. If an error occurs, edit the profile manually as root and reload the profile set with rcapparmor reload.

Adding an Entry

The Add Entry option can be found in Section 4.2, “Manually Adding a Profile” or Section 4.3, “Editing Profiles”. When you select Add Entry, a list shows the types of entries you can add to the Novell AppArmor profile.

From the list, select one of the following:

File

In the pop-up window, specify the absolute path of a file, including the type of access permitted. When finished, click OK.

You can use globbing if necessary. For globbing information, refer to Section 2.6, “Paths and Globbing”. For file access permission information, refer to Section 2.7, “File Permission Access Modes”.

[Figure: Select a file to add]

Directory

In the pop-up window, specify the absolute path of a directory, including the type of access permitted. You can use globbing if necessary. When finished, click OK.

For globbing information, refer to Section 2.6, “Paths and Globbing”. For file access permission information, refer to Section 2.7, “File Permission Access Modes”.

[Figure: Select a directory to add]

Network Rule

In the pop-up window, select the appropriate network family and the socket type. For more information, refer to Section 2.5, “Network Access Control”.

[Figure: Select capabilities]

Capability

In the pop-up window, select the appropriate capabilities. These are statements that enable each of the 32 POSIX.1e capabilities. Refer to Section 2.4, “Capability Entries (POSIX.1e)” for more information about capabilities. When finished making your selections, click OK.

[Figure: Select capabilities]

Include

In the pop-up window, browse to the files to use as includes. Includes are directives that pull in components of other Novell AppArmor profiles to simplify profiles. For more information, refer to Section 2.3, “#include Statements”.

[Figure: Select includes]

Hat

In the pop-up window, specify the name of the subprofile (hat) to add to your current profile and click Create Hat. For more information, refer to Chapter 6, Profiling Your Web Applications Using ChangeHat.
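
How each entry type in the list above appears in the profile text, which is the form you work with when the syntax check reports an error and the profile has to be edited by hand. This is an added example, not a profile from the original documentation; the program /usr/sbin/exampled, all of its paths, and the hat name admin are constructed for illustration.

```apparmor
# Constructed example profile for a hypothetical daemon, /usr/sbin/exampled.
/usr/sbin/exampled {

  # Include: pulls in rules shared with other profiles.
  #include <abstractions/base>

  # Capability: one statement per POSIX.1e capability the program needs.
  # Grant only those the program fails without.
  capability net_bind_service,
  capability setgid,
  capability setuid,

  # Network Rule: network family followed by socket type.
  network inet stream,

  # File: absolute path followed by the access modes permitted.
  /etc/exampled.conf        r,
  /var/run/exampled.pid     rw,
  # Globbing: * matches within a single directory level.
  /var/log/exampled/*.log   w,

  # Directory: the trailing slash matches the directory itself,
  # and ** matches everything beneath it, recursively.
  /srv/exampled/            r,
  /srv/exampled/**          r,

  # Hat: a subprofile the program can switch into through ChangeHat.
  # Rules here apply only while the hat is active.
  ^admin {
    #include <abstractions/base>
    /srv/exampled/admin/**  rw,
  }
}
```

Every rule ends with a comma; a missing one is a common cause of the syntax errors mentioned in the tip above. Prefer the narrowest glob and the shortest capability list that still lets the application run.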

Editing an Entry

When you select Edit Entry, the file browser pop-up window opens. From here, edit the selected entry.

In the pop-up window, specify the absolute path of a file, including the type of access permitted. You can use globbing if necessary. When finished, click OK.

[Figure: Edit an entry]

For globbing information, refer to Section 2.6, “Paths and Globbing”. For file access permission information, refer to Section 2.7, “File Permission Access Modes”.

Deleting an Entry

To delete an entry in a given profile, select Delete Entry. AppArmor removes the selected profile entry.