Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 268

• If the example program (program1) is in your path, use:
aa-complain [program1 program2 ...]
• If the program is not in your path, specify the entire path as follows:
aa-complain /sbin/program1
• If the profiles are not in /etc/apparmor.d, use the following to override the
default location:
aa-complain /path/to/profiles/ program1
• Specify the profile for program1 as follows:
aa-complain /etc/apparmor.d/sbin.program1
Each of the above commands activates the complain mode for the profiles or programs
listed. If the program name does not include its entire path, aa-complain searches $PATH
for the program. For instance, aa-complain /usr/sbin/* finds profiles associ-
ated with all of the programs in /usr/sbin and puts them into complain mode.
aa-complain /etc/apparmor.d/* puts all of the profiles in /etc/apparmor
.d into complain mode.
TIP: Toggling Profile Mode with YaST
YaST offers a graphical front-end for toggling complain and enforce mode. See
Section 23.6.2, "Changing the Mode of Individual Profiles"
mation.
aa-enforce—Entering Enforce Mode
The enforce mode detects violations of AppArmor profile rules, such as the profiled
program accessing files not permitted by the profile. The violations are logged and not
permitted. The default is for enforce mode to be enabled. To log the violations only,
but still permit them, use complain mode. Enforce toggles with complain mode.
256 Security Guide
(page 244) for infor-