Novell APPARMOR Admin Manual page 59

Two Methods of Profiling
• unconfined (ux): The child runs completely unconfined without
any Novell AppArmor profile being applied to the executed
resource.
Figure 2: The Learning Mode exception requires you to define exe-
cute permissions for an entry.
Adding /bin/ps ix to profile.
Profile:
Path:
New Mode: r
[1 - /etc/hosts.allow]
[(A)llow] / (D)eny / (N)ew / (G)lob / Glob w/(E)xt / Abo(r)t
/ (F)inish
The above menu shows Novell AppArmor suggesting directory path
entries that have been accessed by the application you are profiling. It
may also require you to define execute permissions for entries.
Novell AppArmor provides one or more path names or includes. By
clicking the option number, choose from one or more of the following
options, then proceed to Step 6.
Note:
All of these options are not always presented in the Novell
AppArmor menu.
• #include: An include is the section of a Novell AppArmor profile
that refers to an include file. Include files procure access permis-
sions for programs. By using an include, you can give the program
access to directory paths or files that are also required by other pro-
g r a ms . U s i n g i n c l u d e s c a n r e d u c e t h e s i z e o f a p r o f i l e . I t ' s g o o d
practice to select #includes when suggested.
• Globbed Version: This is accessed by clicking the Glob button as
described in the next step. For information on globbing syntax,
refer to " Path Names and Regular Expression Matching" o n
/usr/sbin/xinetd
/etc/hosts.allow
59