Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008 Deployment Manual page 784

2 Run the full range of the application's actions to let AppArmor get a very specific
3 Let AppArmor analyze the log files generated in
4 Depending on the complexity of your application, it might be necessary to repeat
5 Once all access permissions are set, your profile is set to enforce mode. The
768 Deployment Guide
or
Outline the basic profile by running YaST > Novell AppArmor > Add Profile
Wizard and specifying the complete path of the application to profile.
A basic profile is outlined and AppArmor is put into learning mode, which means
that it logs any activity of the program you are executing but does not yet restrict
it.
picture of its activities.
typing S in aa-genprof.
or
Analyze the logs by clicking Scan system log for AppArmor events in the Add
Profile Wizard and following the instructions given in the wizard until the profile
is completed.
AppArmor scans the logs it recorded during the application's run and asks you
to set the access rights for each event that was logged. Either set them for each
file or use globbing.
Step 2 (page 768) and
the confined conditions, and process any new log events. To properly confine
the full range of an application's capabilities, you might be required to repeat this
procedure often.
profile is applied and AppArmor restricts the application according to the profile
just created.
If you started aa-genprof on an application that had an existing profile that was
in complain mode, this profile remains in learning mode upon exit of this learning
cycle. For more information about changing the mode of a profile, refer to Section
"aa-complain—Entering Complain or Learning Mode" (Chapter 4, Building
Profiles from the Command Line, ↑Novell AppArmor Administration Guide)
Step 3 (page 768). Confine the application, exercise it under
Step 2 (page 768) by running