There are two ways of managing profiles. One is to use the graphical front-end provided
by the YaST Novell AppArmor modules and the other is to use the command line tools
provided by the AppArmor suite itself. Both methods basically work the same way.
Running unconfined as described in Section 4.1, "Choosing the Applications to Profile"
(page 13) identifies a list of applications that may need a profile to run in a safe mode.
For each application, perform the following steps to create a profile:

1 As root, let AppArmor create a rough outline of the application's profile by
running genprof programname
or
running YaST → Novell AppArmor → Add Profile Wizard and specifying the
complete path of the application to profile.

A basic profile is outlined and AppArmor is put into learning mode, which means
that it logs any activity of the program you are executing but does not restrict it
yet.

2 Run the full range of the application's actions to let AppArmor get a very specific
picture of its activities.

3 Let AppArmor analyze the log files generated in Step 2 (page 15). Do this either
by typing S in genprof
or
clicking Scan system log for AppArmor events in the Add Profile Wizard and
following the instructions given in the wizard until the profile is completed.

AppArmor scans the logs it recorded during the application's run and asks you
to set the access rights for each event that was logged. Either set them for each
file or use globbing.

4 Once all access permissions are set, your profile is set to enforce mode.
The profile is applied and AppArmor restricts the application according to the
profile just created.

If you started genprof against an application that had an existing profile that was
in complain mode, this profile will remain in learning mode upon exit of this
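
The per-file versus globbing decision in step 3, as an added example that is not part of the original guide or of the AppArmor tools: it reads learning-mode log events and proposes profile rules, globbing a directory when several files in it need identical permissions. The sample log lines are constructed and use the key="value" audit layout of current AppArmor kernels (an assumption; AppArmor 1.2 wrote an older format), and /usr/bin/demoapp, collect_events and propose_rules are hypothetical names.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Constructed sample events. The key="value" layout is that of current AppArmor
# kernels (an assumption; AppArmor 1.2 wrote an older format).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/bin/demoapp" name="/etc/demoapp/main.conf" pid=4242 comm="demoapp" requested_mask="r"
type=AVC msg=audit(1700000000.140:202): apparmor="ALLOWED" operation="open" profile="/usr/bin/demoapp" name="/etc/demoapp/extra.conf" pid=4242 comm="demoapp" requested_mask="r"
type=AVC msg=audit(1700000000.300:203): apparmor="ALLOWED" operation="open" profile="/usr/bin/demoapp" name="/var/log/demoapp.log" pid=4242 comm="demoapp" requested_mask="w"
type=AVC msg=audit(1700000001.020:204): apparmor="ALLOWED" operation="open" profile="/usr/bin/demoapp" name="/var/log/demoapp.log" pid=4242 comm="demoapp" requested_mask="r"
type=SYSCALL msg=audit(1700000001.500:205): arch=c000003e syscall=2 success=yes exit=3
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')

def collect_events(log):
    """Return {profile: {path: set of permission letters}} for learning-mode events."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log.splitlines():
        fields = dict(FIELD.findall(line))
        # Learning (complain) mode logs ALLOWED: the access was recorded, not blocked.
        if fields.get("apparmor") != "ALLOWED" or not {"profile", "name"} <= fields.keys():
            continue
        seen[fields["profile"]][fields["name"]].update(fields.get("requested_mask", ""))
    return seen

def propose_rules(paths, glob_threshold=2):
    """Turn {path: perms} into profile rule lines, using a glob when at least
    glob_threshold files in one directory need identical permissions."""
    groups = defaultdict(list)
    for path, perms in paths.items():
        groups[(dirname(path), "".join(sorted(perms)))].append(path)
    rules = []
    for (directory, perms), members in groups.items():
        if len(members) >= glob_threshold:
            rules.append(f"{directory.rstrip('/')}/* {perms},")
        else:
            rules.extend(f"{p} {perms}," for p in members)
    return sorted(rules)

if __name__ == "__main__":
    for profile, paths in collect_events(SAMPLE_LOG).items():
        print(profile, "{")
        for rule in propose_rules(paths):
            print("  " + rule)
        print("}")
```

A glob grants access to every file it matches, including files the application never touched during the learning run, so each proposed glob deserves a review before it is accepted.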