Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 274

Example 24.2 Learning Mode Exception: Defining Execute Permissions for an Entry
262 Security Guide
Adding /bin/ps ix to profile.
Profile: /usr/sbin/xinetd
Path: /etc/hosts.allow
New Mode: r
[1 - /etc/hosts.allow]
[(A)llow] / (D)eny / (N)ew / (G)lob / Glob w/(E)xt / Abo(r)t /
(F)inish
AppArmor provides one or more paths or includes. By entering the option
number, select the desired options then proceed to the next step.
NOTE
All of these options are not always presented in the AppArmor menu.
#include
This is the section of an AppArmor profile that refers to an include file,
which procures access permissions for programs. By using an include,
you can give the program access to directory paths or files that are also
required by other programs. Using includes can reduce the size of a
profile. It is good practice to select includes when suggested.
Globbed Version
This is accessed by selecting Glob as described in the next step. For in-
formation about globbing syntax, refer to
Globbing" (page 206).
Actual Path
This is the literal path to which the program needs access so that it can
run properly.
After you select the path or include, process it as an entry into the AppArmor
profile by selecting Allow or Deny. If you are not satisfied with the directory
path entry as it is displayed, you can also Glob it.
The following options are available to process the learning mode entries and
build the profile:
Section 21.6, "Paths and