Novell APPARMOR Admin Manual page 18

User's Guide
The easiest way of explaining what a profile is comprised of and how to
create one is to show the details of a sample profile. Consider, for
example, the following profile for the program /sbin/klogd:
# profile to confine klogd
/sbin/klogd
{
#include <abstractions/base>
capability sys_admin,
/boot/* r,
/proc/kmsg r,
/sbin/klogd r,
/var/run/klogd.pid lw,
}
The first line: The first line is a comment.
The second line: The second line indicates the absolute path of the
program to be confined. In this example, whenever a program named
/sbin/klogd executes, it is confined by this profile.
Subsequent lines within the braces {}: The rest of the lines take
one of several forms:
• #include directives that pull in components of Novell AppArmor
profiles to simplify profiles.
• Capability Entries, statements that grant the program individual
capabilities out of the 32 POSIX.1e capabilities.
• Path Entries in which the first part specifies the absolute path of a
file (possibly including regular expression globbing), and the second
part indicates permissible access modes (r: read, w: write, and x:
execute).
Spaces or Tabs: White space of any kind (spaces or tabs) can precede
path names or separate the path name from the access modes.
White space between the access mode and the trailing comma is
optional.
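As an added illustration of the syntax just described (this is not code from the manual or from the AppArmor project), the following Python script parses the klogd profile shown above into its comment, program path, #include, capability and path entries, and then answers the question a profile author usually wants answered: would a given file access be permitted? The mode letters r, w and x come from the manual text; the letter l, which appears in the sample's /var/run/klogd.pid entry, is accepted as well (it is AppArmor's link permission). The glob handling (a single * does not cross a / separator) reflects AppArmor's globbing rules, not the manual's text, and is stated here as an assumption of the example.

```python
import re
from dataclasses import dataclass, field

# The klogd profile reproduced from the manual page.
SAMPLE_PROFILE = """\
# profile to confine klogd
/sbin/klogd
{
#include <abstractions/base>
capability sys_admin,
/boot/* r,
/proc/kmsg r,
/sbin/klogd r,
/var/run/klogd.pid lw,
}
"""

# r/w/x are listed in the manual text; 'l' (link) appears in the sample profile.
VALID_MODES = set("rwxl")


@dataclass
class Profile:
    program: str
    includes: list = field(default_factory=list)
    capabilities: list = field(default_factory=list)
    paths: dict = field(default_factory=dict)  # path glob -> set of mode letters


def parse_profile(text):
    """Parse one AppArmor profile of the form shown in the manual."""
    prof = None
    in_body = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # leading white space before a path is permitted
        if not line or (line.startswith("#") and not line.startswith("#include")):
            continue  # blank line or comment
        if prof is None:
            if not line.startswith("/"):
                raise ValueError(f"line {lineno}: expected absolute program path")
            prof = Profile(program=line)
            continue
        if line == "{":
            in_body = True
            continue
        if line == "}":
            in_body = False
            continue
        if not in_body:
            raise ValueError(f"line {lineno}: entry outside of profile body")
        if line.startswith("#include"):
            m = re.fullmatch(r"#include\s+<([^>]+)>", line)
            if not m:
                raise ValueError(f"line {lineno}: malformed #include")
            prof.includes.append(m.group(1))
        elif line.startswith("capability"):
            m = re.fullmatch(r"capability\s+(\w+)\s*,", line)
            if not m:
                raise ValueError(f"line {lineno}: malformed capability entry")
            prof.capabilities.append(m.group(1))
        elif line.startswith("/"):
            # path, white space, access modes, optional white space, comma
            m = re.fullmatch(r"(\S+)\s+([a-z]+)\s*,", line)
            if not m or not set(m.group(2)) <= VALID_MODES:
                raise ValueError(f"line {lineno}: malformed path entry")
            prof.paths[m.group(1)] = set(m.group(2))
        else:
            raise ValueError(f"line {lineno}: unrecognised entry: {line}")
    if prof is None or in_body:
        raise ValueError("incomplete profile")
    return prof


def glob_to_regex(glob):
    """Translate an AppArmor path glob: '*' stops at '/', '**' crosses it (assumed semantics)."""
    out, i = "", 0
    while i < len(glob):
        c = glob[i]
        if c == "*":
            if glob[i:i + 2] == "**":
                out += ".*"
                i += 2
                continue
            out += "[^/]*"
        elif c == "?":
            out += "[^/]"
        else:
            out += re.escape(c)
        i += 1
    return re.compile("^" + out + "$")


def allows(prof, path, mode):
    """True if some path entry matches `path` and grants every letter in `mode`."""
    return any(glob_to_regex(g).match(path) and set(mode) <= modes
               for g, modes in prof.paths.items())


def parse_error(text):
    """Return the parser's error message for `text`, or None if it parses cleanly."""
    try:
        parse_profile(text)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    p = parse_profile(SAMPLE_PROFILE)
    print(p.program, p.includes, p.capabilities)
    for g, m in p.paths.items():
        print(f"  {g:24} {''.join(sorted(m))}")
    print("/boot/System.map r ->", allows(p, "/boot/System.map", "r"))
```

Running the script lists the parsed entries and shows that /boot/* permits reading files directly under /boot but not files in a sub-directory of it, which is the distinction that matters when deciding how broad a glob to write.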