Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 280

questions pertaining to DNS lookups and also makes the profile less brittle in that any
changes to DNS configuration and the associated name service profile package can be
made just once, rather than needing to revise many profiles.
Profile:
Path:
New Mode: r
[1 - #include <abstractions/nameservice>]
2 - /etc/group
[(A)llow] / (D)eny / (N)ew / (G)lob / Glob w/(E)xt / Abo(r)t / (F)inish
Select one of the following responses:
Select Enter
Triggers the default action, which is, in this example, allowing access to the specified
directory path entry.
Allow
Allows access to the specified directory path entries. AppArmor suggests file per-
mission access. For more information about this, refer to
mission Access Modes"
Deny
Prevents the program from accessing the specified directory path entries. AppArmor
then continues to the next event.
New
Prompts you to enter your own rule for this event, allowing you to specify whatever
form of regular expression you want. If the expression entered does not actually
satisfy the event that prompted the question in the first place, AppArmor asks for
confirmation and lets you reenter the expression.
Glob
Select either a specific path or create a general rule using wild cards that matches
on a broader set of paths. To select any of the offered paths, enter the number that
is printed in front of the paths then decide how to proceed with the selected item.
For more information about globbing syntax, refer to
Globbing"
268 Security Guide
/usr/sbin/httpd2-prefork
/etc/group
(page 209).
(page 206).
Section 21.7, "File Per-
Section 21.6, "Paths and