Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 336

5 Once the profile is updated, put it back into enforce mode via the YaST AppArmor
Using the AppArmor command line tools, you would proceed as follows:
1 Put the application's profile into complain mode:
2 Run the application.
3 Update the profile according to the log entries made while running the application:
4 Put the resulting profile back into enforce mode:
28.4.3 How to Confine KDE Applications
Currently, it is not possible to confine KDE applications to the same extent as any
other application due to the way KDE manages its processes.
If you want to confine KDE applications, choose one of the following approaches, but
note that none of them is really suited for a standard setup:
Create a Single Profile for the Entire KDE Desktop
As all KDE processes are children of one parent process and AppArmor cannot
distinguish an individual application's process from the rest, create one huge profile
to confine the entire desktop all at once. This approach is only feasible if your setup
is a very limited (kiosk-type) one. Maintaining such a profile for a standard KDE
desktop including all of its applications would be close to impossible.
324 Security Guide
Control Panel.
aa-logprof /path/to/application
with AppArmor?
aa-complain /path/to/application
aa-enforce /path/to/application