Novell APPARMOR Admin Manual page 47

Building Novell AppArmor Profiles Using the Com-
lsmod, and rmmod, but this approach is not recommended. Rather, it
is recommended that you manage Novell AppArmor through the script
which can perform the following operations:
/etc/init.d/subdomain
/etc/init.d/subdomain start
Has different behaviors depending on the SubDomain miodule state. If
it was unloaded, then loads the module and starts it, putting it in
start
the running state. If it was stopped, then causes the module to
start
re-scan the Novell AppArmor profiles usually found in /etc/subdo-
main.d and puts the module in the running state. If the module was
already running then reports a warning and takes no action.
start
/etc/init.d/subdomain stop
Stops SubDomain module(if it was running) by removing all profiles
from kernel memory, effectively disabling all access controls, putting
the module into the stopped state. If the SubDomain module was
either unloaded or already stopped, then tries to unload the pro-
stop
files again, but nothing happens.
/etc/init.d/subdomain restart
Causes SubDomain module to rescan the profiles usually found in
/etc/subdomain.d without unconfining running processes, adding
new profiles, and removing any profiles that had been deleted from
/etc/subdomain.d.
/etc/init.d/subdomain kill
Unconditionally removes the SubDomain module from the kernel. This
is unsafe, because unloading modules from the Linux kernel is
unsafe. This command is provided only for debugging and emergen-
cies, when the module might have to be removed.
Note:
SubDomain is a powerful access control system, and it is pos-
sible to lock yourself out of your own machine to the point where you
have to boot the machine from rescue media (such as disc 1 of SLES
9) to regain control.
To prevent such a problem, always ensure that you have a running,
unconfined, root login on the machine being configured when you
restart the SubDomain module. If you damage your system to the
47