Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 220

home directories in all affected profiles, you only need to change the value of a variable.
Global variables are defined under /etc/apparmor.d/tunables and have to be
made available via an #include statement. Find the variable definitions for this use
case (@{HOME} and @{HOMEDIRS}) in the /etc/apparmor.d/tunables/
home file.
Local variables are defined at the head of a profile. This is useful to provide the base
of for a chrooted path, for example:
@{CHROOT_BASE}=/tmp/foo
/sbin/syslog-ng {
...
# chrooted applications
@{CHROOT_BASE}/var/lib/*/dev/log w,
@{CHROOT_BASE}/var/log/** w,
...
}
NOTE
With the current AppArmor tools, variables can only be used when manually
editing and maintaining a profile.
21.6.2 Alias rules
Alias rules provide an alternative way to manipulate profile path mappings to site spe-
cific layouts. They are an alternative form of path rewriting to using variables, and are
done post variable resolution:
alias /home/ -> /mnt/users/
NOTE
With the current AppArmor tools, alias rules can only be used when manually
editing and maintaining a profile. Whats more, they are deactivated by disabled.
Enable alias rules by editing /etc/apparmor.d/tunables/alias
208 Security Guide