2 Apparmor Profile Repositories; Using The Local Repository - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
22
AppArmor Profile Repositories
AppArmor ships a set of profiles enabled by default and created by the AppArmor de-
velopers and kept under the /etc/apparmor.d. In addition to these profiles, SUSE
Linux Enterprise Desktop ships profiles for individual applications together with the
respective application. These profiles are not enabled by default and reside under another
directory than the standard AppArmor profiles, /etc/apparmor/profiles/
extras.
AppArmor also supports the use of an external profile repository. This repository is
maintained by Novell and allows you to download profiles generated by Novell and
other AppArmor users as well as uploading your own. Find the profile repository at
http://apparmor.opensuse.org.
22.1 Using the Local Repository
The AppArmor tools, both YaST and aa-genprof and aa-logprof, support the use of a
local repository. Whenever you start to create a new profile from scratch and there al-
ready is one inactive profile in your local repository, you are asked whether you would
like to use the existing inactive one from /etc/apparmor/profiles/extras
and whether you want to base your efforts on it. If you decide to use this profile, it gets
copied over to the directory of profiles enabled by default (/etc/apparmor.d) and
loaded whenever AppArmor is started. Any further further adjustments will be done to
the active profile under /etc/apparmor.d.
AppArmor Profile Repositories
221
Advertisement
Table of Contents
