Novell APPARMOR Admin Manual page 56

U s e r ' s G u i d e
enforce /etc/subdomain.d/sbin.
Each of the above commands will activate enforce mode for the pro-
files/programs listed.
I f y o u d o n ' t e n t e r t h e p r o g r a m o r p r o f i l e n a me ( s ) , y o u w i l l b e p r o mp t e d
to enter one. /path/to/profiles overrides the default location of
/etc/subdomain.d.
The argument can be either a list of programs or a list of profiles. If the
program name does not include its entire path, then enforce
s e a r c h e s $ P A T H f o r t h e p r o g r a m. F o r i n s t a n c e , " enforce
/usr/sbin/*" w i l l f i n d p r o f i l e s a s s o c i a t e d w i t h a l l o f t h e p r o g r a ms i n
/usr/sbin a n d p u t t h e m i n t o e n f o r c e mo d e , a n d " enforce
/etc/subdomain.d/*" w i l l p u t a l l o f t h e p r o f i l e s i n /etc/subdo-
main.d into enforce mode.
Genprof
G e n p r o f ( o r G e n e r a t e P r o f i l e ) i s N o v e l l A p p A r mo r ' s p r o f i l e g e n e r a t i n g
utility. It Autodeps the specified program, creating an approximate pro-
file (if a profile doesn't already exist for it), sets it to complain mode,
reloads it into Novell AppArmor, marks the syslog, and prompts the
user to execute the program and exercise its functionality.
genprof [ -d /path/to/profiles ]
If you were to create a profile for the the Apache web server program
httpd2-prefork, you would type the following at a root shell prompt:
1. /etc/init.d/apache2 stop
2. Next, type genprof httpd2-prefork
Now Genprof will do the following:
• Resolve the full path of httpd2-prefork b a s e d o n y o u r s h e l l ' s
path variables. You can also specify a full path. On SuSE LINUX
Enterprise Server 9, the full path is: /usr/sbin/httpd2-pre-
fork
• Check to see if there is an existing profile for httpd2-prefork.
If there is one already, then genprof will update it. If not, then
genprof creates one using the autodep program described in
56
program1
program