Include Statements - Novell APPARMOR 2.0.1 - ADMINISTRATION GUIDE 05-2008 Administration Manual


Example: To gain the capability CAP_CHOWN, the program must have both access to CAP_CHOWN under conventional Linux access controls (typically, be a root-owned process) and have the capability chown in its profile. Similarly, to be able to write to the file /foo/bar the program must have both the correct user ID and mode bits set in the file's attributes (see the chmod and chown man pages) and have /foo/bar w in its profile.
Attempts to violate Novell AppArmor rules are recorded in /var/log/audit/audit.log if the audit package is installed or otherwise in /var/log/messages.

In many cases, Novell AppArmor rules prevent an attack from working because necessary files are not accessible and, in all cases, Novell AppArmor confinement restricts the damage that the attacker can do to the set of files permitted by Novell AppArmor.

2.2 #include Statements

#include statements are directives that pull in components of other Novell AppArmor profiles to simplify profiles. Include files fetch access permissions for programs. By using an include, you can give the program access to directory paths or files that are also required by other programs. Using includes can reduce the size of a profile.

By default, AppArmor adds /etc/apparmor.d to the path in the #include statement. AppArmor expects the include files to be located in /etc/apparmor.d. Unlike other profile statements (but similar to C programs), #include lines do not end with a comma.

To assist you in profiling your applications, Novell AppArmor provides two classes of #includes: abstractions and program chunks.
2.2.1 Abstractions
Abstractions are #includes that are grouped by common application tasks. These tasks include access to authentication mechanisms, access to name service routines, common graphics requirements, and system accounting. Files listed in these abstractions are specific to the named task. Programs that require one of these files usually require some of the other files listed in the abstraction file (depending on the local configuration as well as the specific requirements of the program). Find abstractions in /etc/apparmor.d/abstractions.
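The following profile is an added illustration, not taken from the guide, that ties the two points above together: it pulls in two abstractions with #include lines (no trailing comma, paths resolved under /etc/apparmor.d) and grants exactly the capability and file rule from the CAP_CHOWN example. The program path /usr/local/bin/rotate-helper is a hypothetical placeholder.

```apparmor
# Added example profile for a hypothetical helper program.
# It is not part of the Novell AppArmor guide or of any shipped profile.
/usr/local/bin/rotate-helper {
  # #include lines end without a comma, unlike the rules below.
  # <abstractions/base> resolves to /etc/apparmor.d/abstractions/base.
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # The profile rule is necessary but not sufficient: the process must
  # also hold CAP_CHOWN under conventional Linux access control
  # (typically by running as root) before chown(2) succeeds.
  capability chown,

  # Write access to one file. The file's owner and mode bits must
  # also permit the write, or the kernel denies it before AppArmor
  # is consulted. A denied attempt is logged to /var/log/audit/audit.log
  # (or /var/log/messages without the audit package).
  /foo/bar w,

  # The helper may read and memory-map its own executable.
  /usr/local/bin/rotate-helper mr,
}
```

Any access the helper attempts outside these rules and the two abstractions is rejected and logged, which is the confinement the section describes.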