Include Statements - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

21.3 #include Statements

#include statements are directives that pull in components of other Novell AppArmor
profiles to simplify profiles. Include files fetch access permissions for programs. By
using an include, you can give the program access to directory paths or files that are
also required by other programs. Using includes can reduce the size of a profile.
By default, AppArmor adds /etc/apparmor.d to the path in the #include
statement. AppArmor expects the include files to be located in /etc/apparmor.d.
Unlike other profile statements (but similar to C programs), #include lines do not
end with a comma.
To assist you in profiling your applications, Novell AppArmor provides three classes
of #includes: abstractions, program chunks and tunables.
21.3.1 Abstractions
Abstractions are #includes that are grouped by common application tasks. These
tasks include access to authentication mechanisms, access to name service routines,
common graphics requirements, and system accounting. Files listed in these abstractions
are specific to the named task. Programs that require one of these files usually require
some of the other files listed in the abstraction file (depending on the local configuration
as well as the specific requirements of the program). Find abstractions in /etc/
apparmor.d/abstractions.
21.3.2 Program Chunks
The program-chunks directory (/etc/apparmor.d/program-chunks) contains
some chunks of profiles that are specific to program suites and not generally useful
outside of the suite, thus are never suggested for use in profiles by the profile wizards
(aa-logprof and aa-genprof). Currently program chunks are only available for the
postfix program suite.
204 Security Guide