aa-easyprof(8) [debian man page]

AA-EASYPROF(8)							     AppArmor							    AA-EASYPROF(8)

NAME
       aa-easyprof - AppArmor profile generation made easy.

SYNOPSIS
       aa-easyprof [option] <path to binary>

DESCRIPTION
       aa-easyprof provides an easy-to-use interface for AppArmor policy generation. aa-easyprof supports the use of templates and policy groups to quickly profile an application. Please note that while this tool can help with policy generation, its utility is dependent on the quality of the templates, policy groups and abstractions used. Also, this tool may create policy which is less restricted than creating policy by hand or with aa-genprof and aa-logprof.

OPTIONS
       aa-easyprof accepts the following arguments:

       -t TEMPLATE, --template=TEMPLATE
              Specify which template to use. May specify either a system template from /usr/share/apparmor/easyprof/templates or a filename for the template to use. If not specified, use /usr/share/apparmor/easyprof/templates/default.

       -p POLICYGROUPS, --policy-groups=POLICYGROUPS
              Specify POLICY as a comma-separated list of policy groups. See --list-templates for supported policy groups. The available policy groups are in /usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of AppArmor rules or policies. They are similar to AppArmor abstractions, but usually encompass more policy rules.

       -a ABSTRACTIONS, --abstractions=ABSTRACTIONS
              Specify ABSTRACTIONS as a comma-separated list of AppArmor abstractions. It is usually recommended you use policy groups instead, but this is provided as a convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions. See apparmor.d(5) for details.

       -r PATH, --read-path=PATH
              Specify a PATH to allow owner reads. May be specified multiple times. If the PATH ends in a '/', then PATH is treated as a directory and reads are allowed to all files under this directory. Can optionally use '/*' at the end of the PATH to only allow reads to files directly in PATH.

       -w PATH, --write-dir=PATH
              Like --read-path but also allow owner writes in addition to reads.

       -n NAME, --name=NAME
              Specify NAME of policy. If not specified, NAME is set to the name of the binary. The NAME of the policy is often used as part of the path in the various templates.

       --template-var="@{VAR}=VALUE"
              Set VAR to VALUE in the resulting policy. This typically only makes sense if the specified template uses this value. May be specified multiple times.

       --list-templates
              List available templates.

       --show-template=TEMPLATE
              Display template specified with --template.

       --templates-dir=PATH
              Use PATH instead of system templates directory.

       --list-policy-groups
              List available policy groups.

       --show-policy-group
              Display policy groups specified with --policy.

       --policy-groups-dir=PATH
              Use PATH instead of system policy-groups directory.

       --author
              Specify author of the policy.

       --copyright
              Specify copyright of the policy.

       --comment
              Specify comment for the policy.

EXAMPLE
       Example usage for a program named 'foo' which is installed in /opt/foo:

           $ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" --policy-groups=opt-application,user-application /opt/foo/bin/FooApp

BUGS
       If you find any additional bugs, please report them to Launchpad at <https://bugs.launchpad.net/apparmor/+filebug>.

SEE ALSO
       apparmor(7) apparmor.d(5)

AppArmor 2.7.103						    2012-07-16							    AA-EASYPROF(8)

APPARMOR_STATUS(8)						     AppArmor							APPARMOR_STATUS(8)

NAME
       apparmor_status - display various information about the current AppArmor policy.

SYNOPSIS
       apparmor_status [option]

DESCRIPTION
       apparmor_status will report various aspects of the current state of AppArmor confinement. By default, it displays the same information as if the --verbose argument were given. A sample of what this looks like is:

           apparmor module is loaded.
           110 profiles are loaded.
           102 profiles are in enforce mode.
           8 profiles are in complain mode.
           Out of 129 processes running:
           13 processes have profiles defined.
           8 processes have profiles in enforce mode.
           5 processes have profiles in complain mode.

       Other argument options are provided to report individual aspects, to support being used in scripts.

OPTIONS
       apparmor_status accepts only one argument at a time out of:

       --enabled
              returns error code if AppArmor is not enabled.

       --profiled
              displays the number of loaded AppArmor policies.

       --enforced
              displays the number of loaded enforcing AppArmor policies.

       --complaining
              displays the number of loaded non-enforcing AppArmor policies.

       --verbose
              displays multiple data points about loaded AppArmor policy set (the default action if no arguments are given).

       --help
              displays a short usage statement.

BUGS
       apparmor_status must be run as root to read the state of the loaded policy from the apparmor module. It uses the /proc filesystem to determine which processes are confined and so is susceptible to race conditions.

       Upon exiting, apparmor_status will set its return value to the following values:

       0      if apparmor is enabled and policy is loaded.

       1      if apparmor is not enabled/loaded.

       2      if apparmor is enabled but no policy is loaded.

       3      if the apparmor control files aren't available under /sys/kernel/security/.

       4      if the user running the script doesn't have enough privileges to read the apparmor control files.

       If you find any additional bugs, please report them to bugzilla at <http://bugzilla.novell.com>.

SEE ALSO
       apparmor(7), apparmor.d(5), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.

POD ERRORS
       Hey! The above document had some coding errors, which are explained below:

       Around line 95:
              '=item' outside of any '=over'

       Around line 119:
              You forgot a '=back' before '=head1'

NOVELL/SUSE							    2007-05-24							APPARMOR_STATUS(8)
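
ADDED EXAMPLE
       The script-oriented options and return values of apparmor_status described above, combined into a health check that fails when AppArmor is off or when too many profiles sit in complain mode. This is an added example, not part of the original man page or the AppArmor project; aa_gate and AA_STATUS are hypothetical names, and the 0/1/2/3 verdict codes follow the common monitoring-plugin convention rather than anything apparmor_status defines.

```shell
#!/bin/sh
# Added example, not from the AppArmor project. aa_gate and AA_STATUS are
# hypothetical names; only options and return values listed above are used.
AA_STATUS="${AA_STATUS:-apparmor_status}"

# aa_gate [MAX_COMPLAIN]
# Prints a one-line verdict and returns 0 (ok), 1 (warning),
# 2 (critical) or 3 (unknown), the convention used by monitoring plugins.
aa_gate() {
    max_complain="${1:-0}"

    # --enabled reports through the exit status only.
    rc=0
    "$AA_STATUS" --enabled >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) ;;
        1) echo "CRITICAL: AppArmor is not enabled/loaded"; return 2 ;;
        2) echo "CRITICAL: AppArmor is enabled but no policy is loaded"; return 2 ;;
        3) echo "UNKNOWN: control files missing under /sys/kernel/security/"; return 3 ;;
        4) echo "UNKNOWN: not enough privileges to read the control files"; return 3 ;;
        *) echo "UNKNOWN: unexpected return value $rc"; return 3 ;;
    esac

    # One option per invocation: the tool accepts only one argument at a time.
    enforced=$("$AA_STATUS" --enforced 2>/dev/null) || enforced=""
    complaining=$("$AA_STATUS" --complaining 2>/dev/null) || complaining=""

    # Refuse to compare anything that is not a plain non-negative integer.
    for n in "$enforced" "$complaining"; do
        case "$n" in
            ''|*[!0-9]*) echo "UNKNOWN: could not read profile counts"; return 3 ;;
        esac
    done

    if [ "$enforced" -eq 0 ]; then
        echo "CRITICAL: no profiles in enforce mode"; return 2
    fi
    if [ "$complaining" -gt "$max_complain" ]; then
        echo "WARNING: $complaining profiles in complain mode (limit $max_complain)"; return 1
    fi
    echo "OK: $enforced enforcing, $complaining complaining"
}
```

       Run it as root, for example `aa_gate 0` on a host where every loaded profile is expected to enforce; the counts are read in separate invocations, so they can disagree briefly while policy is being reloaded.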