Novell APPARMOR Admin Manual page 53

Two Methods of Profiling
Autodep
When you run the Autodep program, it creates an approximate profile
for the program or application you are autodepping. You can generate
approximate profiles for binary executables and interpreted script
programs. The resulting profile is called "approximate" because it does
not necessarily contain all of the profile entries that the program needs
to be properly confined by Novell AppArmor. The minimum autodep
approximate profile will at least have a base include directive, which
contains basic profile entries needed by most programs. For certain
types of programs, autodep will generate a more expanded profile.
The profile is generated by recursively calling ldd(1) on the
executables listed on the command line.
To generate an approximate profile, use the autodep program. The
"program" argument can be either the simple name of the program, in
which case autodep finds it by searching your shell's path variable, or
a fully qualified path. The program itself can be of any kind (ELF
binary, shell script, Perl script, etc.) and autodep will still generate an
approximate profile, to be improved through the dynamic profiling that
follows. The resultant approximate profile is written to the
/etc/subdomain.d directory using the Novell AppArmor profile naming
convention of naming the profile after the absolute path of the program,
replacing the forward slash (/) characters in the path with period (.)
characters. The general form of autodep is to type the following in a
terminal window when logged in as root:
autodep [ -d /path/to/profiles ] [program1 program2...]
If you don't enter the program name or names, you will be prompted
for them. /path/to/profiles overrides the default location of
/etc/subdomain.d.
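The naming convention and path lookup described above can be used to audit which programs still have no profile file. The script below is an added example, not part of the manual or of Novell AppArmor; the function names and the PROFILE_DIR variable are hypothetical, and it assumes the leading slash is dropped from the file name, as in AppArmor's shipped profile names such as usr.sbin.ntpd.

```shell
#!/bin/sh
# Added example, not from the manual: report which programs lack a profile file.
PROFILE_DIR=${PROFILE_DIR:-/etc/subdomain.d}  # manual's default; same role as -d

# Accept a fully qualified path, or search $PATH for a simple name.
resolve_program() {
    case $1 in
        /*) if [ -f "$1" ] && [ -x "$1" ]; then printf '%s\n' "$1"; return 0; fi
            return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        IFS=$old_ifs
        if [ -f "${dir:-.}/$1" ] && [ -x "${dir:-.}/$1" ]; then
            printf '%s\n' "${dir:-.}/$1"; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Absolute path -> profile file name: slashes become periods.
# Assumption: the leading slash is dropped (as in usr.sbin.ntpd).
profile_name() {
    rel=${1#/}
    printf '%s\n' "$rel" | tr '/' '.'
}

# Print "<status> <program> <profile file>" per argument.
# Returns 1 if any program is unresolved or has no profile file.
check_profiles() {
    missing=0
    for prog in "$@"; do
        if ! abs=$(resolve_program "$prog"); then
            printf 'notfound %s -\n' "$prog"; missing=1; continue
        fi
        file=$PROFILE_DIR/$(profile_name "$abs")
        if [ -f "$file" ]; then
            printf 'profiled %s %s\n' "$abs" "$file"
        else
            printf 'missing %s %s\n' "$abs" "$file"; missing=1
        fi
    done
    return "$missing"
}

if [ "$#" -gt 0 ]; then check_profiles "$@"; fi
```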
To begin profiling, you must create profiles for each main executable
service that is part of your application (anything that may start up
without being a child of another program that already has a profile).
Finding all such programs is dependent on the application in question.
Here are several strategies for finding such programs:
Directories: If all of the programs you wish to profile are in a directory,