Building Apparmor Profiles - Novell APPARMOR Admin Manual

U s e r ' s G u i d e
point where logins are no longer possible (for example, by breaking the
profile associated with the SSH daemon) you can repair the damage
using your running root prompt, and restarting the SubDomain mod-
ule.
Building Novell AppArmor Profiles
the SubDomain module profile definitions are stored in the directory
/etc/subdomain.d/ as plain text files.
Warning!
All files in the /etc/subdomain.d/ directory are interpreted
as profiles. Renaming files in that directory is not an effective way of
preventing profiles from being loaded. You must remove profiles from
this directory to manage them effectively.
having it be loaded is not an effective manner of managing profiles
You can use a text editor, such as vim, to access and make changes
to these profiles. The following options contain detailed steps for build-
ing profiles:
• Add or Create Novell AppArmor Profiles: R e f e r t o " Add or Create
a Novell AppArmor Profile" o n p a g e4 9
• Edit Novell AppArmor Profile: R e f e r t o " Edit Novell AppArmor
Profile" o n p a g e4 9
• Delete a Novell AppArmor Profile: R e f e r t o " Delete Novell AppAr-
mor Profile." o n p a g e4 9
Use vim to view and edit your profile by typing vim at a terminal win-
dow. To enable the syntax coloring, when you edit a Novell AppArmor
p r o f i l e i n v i m, u s e t h e c o mma n d " :syntax on" a n d t h e n " :set syn-
tax=subdomain" . F o r mo r e i n f o r ma t i o n o n vim and syntax coloring,
r e f e r t o " Subdomain.vim" o n p a g e6 7 .
Note:
After making changes to a profile, use the
domain restart
command causes the Novell AppArmor to re-read the profiles. For a
d e t a i l e d d e s c r i p t i o n o f t h e s y n t a x o f t h e s e f i l e s , r e f e r t o " How to Build
Novell AppArmor Profiles" o n p a g e1 7 .
48
command, described in the previous section. This
/etc/init.d/sub-