Breaking A Novell Apparmor Profile Into Its Parts - Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual

Capability Entries
Capability entries are profile entries for any of the POSIX.1e Linux capabilities,
allowing fine-grained control over what a confined process is allowed to do
through system calls that require privileges.

Network Access Control Entries
Network Access Control Entries mediate network access based on the address type
and family.

Local Variable Definitions
Local variables define shortcuts for paths.

File Access Control Entries
File Access Control Entries specify the set of files an application can access.

rlimit Entries
rlimit entries set and control an application's resource limits.

For help determining the programs to profile, refer to Section 20.2, "Determining
Programs to Immunize" (page 230). To start building AppArmor profiles with YaST,
proceed to Chapter 23, Building and Managing Profiles with YaST (page 265). To
build profiles using the AppArmor command line interface, proceed to Chapter 24,
Building Profiles from the Command Line (page 287).

21.1 Breaking a Novell AppArmor Profile into Its Parts
The easiest way of explaining what a profile consists of and how to create one is to
show the details of a sample profile, in this case for a hypothetical application called
/usr/bin/foo:

#include <tunables/global>
# a comment naming the application to confine
/usr/bin/foo {
  #include <abstractions/base>
  capability setgid,
  network inet tcp,
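
The entry types listed above can be told apart mechanically, which helps when reviewing what a profile actually grants. The following is an added example, not part of the original manual: the helper names, the @{FOO_DATA} variable, and every rule after "network inet tcp" in the sample are constructed for illustration, and the patterns cover only the simple rule forms shown.

```python
import re

# Constructed sample: the manual's opening lines for the hypothetical
# /usr/bin/foo, extended with constructed variable, file and rlimit rules.
SAMPLE_PROFILE = """\
#include <tunables/global>
@{FOO_DATA} = /srv/foo/
# a comment naming the application to confine
/usr/bin/foo {
  #include <abstractions/base>
  capability setgid,
  network inet tcp,
  /etc/foo/* r,
  @{FOO_DATA}** rw,
  set rlimit nofile <= 1024,
}
"""

# Ordered (pattern, label) pairs; first match wins, so "#include" precedes "#".
RULES = [
    (r"#include\s+<.+>$", "include"),
    (r"#", "comment"),
    (r"@\{\w+\}\s*\+?=", "local variable definition"),
    (r"capability\s+\w+\s*,$", "capability entry"),
    (r"network\b.*,$", "network access control entry"),
    (r"set\s+rlimit\s+\w+\s*<=\s*\S+\s*,$", "rlimit entry"),
    # Simplified: a path (or variable) followed by permission letters.
    (r"(/|@\{)\S*\s+[rwaxlkmiupcPUC]+\s*,$", "file access control entry"),
    (r"/\S+\s*\{$", "profile start"),
    (r"\}$", "profile end"),
]

def classify(line):
    """Return the entry type for one profile line, or 'unrecognized'."""
    for pattern, label in RULES:
        if re.match(pattern, line.strip()):
            return label
    return "unrecognized"

def break_into_parts(profile):
    """Group the non-blank lines of a profile by entry type."""
    parts = {}
    for line in profile.splitlines():
        if line.strip():
            parts.setdefault(classify(line), []).append(line.strip())
    return parts

if __name__ == "__main__":
    for label, lines in break_into_parts(SAMPLE_PROFILE).items():
        print(f"{label}: {lines}")
```

Lines that land under "unrecognized" are the ones to read by hand during a review, since the classifier cannot say what they permit.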
