Advertisement
Test your profile settings by performing every task you need with the application you
just confined. Normally, the confined program runs smoothly and you do not notice
AppArmor activities at all. However, if you notice certain misbehavior with your appli-
cation, check the system logs and see if AppArmor is too closely constricting your ap-
plication. Find the appropriate logs in /var/log/messages or run dmesg.
Any output resembling the following example hints at AppArmor too closely confining
your application:
SubDomain: REJECTING w access to /var/run/nscd/socket (traceroute(2050) profile
/usr/sbin/traceroute active /usr/sbin/traceroute)
To adjust the profile, run the Add Profile Wizard again as described above and let it
analyze the log messages relating this particular application. Determine the access rights
or restrictions when prompted by YaST.
TIP: For More Information
For more information about profile building and modification, refer to Chap-
ter Building Novell AppArmor Profiles (↑Novell AppArmor Powered by Immunix
1.2 Administration Guide).
4.3 Configuring Novell AppArmor
Set up event notification in Novell® AppArmor so you can review security events.
Event Notification is an Novell AppArmor feature that informs a specified e-mail recip-
ient when systemic Novell AppArmor activity occurs under the chosen severity level.
This feature is currently available via the YaST interface.
To set up event notification in YaST, proceed as follows:
16
learning cycle. For more information on changing the mode of a profile, refer to
Section "Complain or Learning Mode" (Chapter 3, Building Novell AppArmor
Profiles, ↑Novell AppArmor Powered by Immunix 1.2 Administration Guide)
and Section "Enforce Mode" (Chapter 3, Building Novell AppArmor Profiles,
↑Novell AppArmor Powered by Immunix 1.2 Administration Guide).
Event Notification and Reports
Advertisement
Need help?
Do you have a question about the APPARMOR 1.2 - QUICK GUIDE AND and is the answer not in the manual?