Novell AppArmor (for SLE 10 SP2) Quick Start

This document helps you understand the main concepts behind Novell® AppArmor—the content of AppArmor profiles. Learn how to create or modify AppArmor profiles. You can create and manage AppArmor profiles in three different ways. The most convenient interface to AppArmor is provided by the AppArmor YaST modules, which can be used in either graphical or ncurses mode. The same functionality is provided by the AppArmor command line tools, or by editing the profiles in a text editor.

AppArmor Modes

complain/learning
In complain or learning mode, violations of AppArmor profile rules, such as the profiled program accessing files not permitted by the profile, are detected. The violations are permitted, but also logged. This mode is convenient for developing profiles and is used by the AppArmor tools for generating profiles.

enforce
Loading a profile in enforcement mode enforces the policy defined in the profile as well as reports policy violation attempts to syslogd.

Starting and Stopping AppArmor

Use the rcapparmor command with one of the following parameters:

start
Load the kernel module, mount securityfs, parse and load profiles. Profiles and confinement are applied to any application started after this command was executed. Processes already running at the time AppArmor is started continue to run unconfined.

stop
Unmount securityfs, and invalidate profiles.

reload
Reload profiles.

status
If AppArmor is enabled, output how many profiles are loaded in complain or enforce mode.

Use the rcaaeventd command to control event logging with aa-eventd. Use the start and stop options to toggle the status of aa-eventd, and check its status using the status option.

AppArmor Command Line Tools

autodep
Guess basic AppArmor profile requirements. autodep creates a stub profile for the program or application examined. The resulting profile is called “approximate” because it does not necessarily contain all of the profile entries that the program needs to be confined properly.

complain
Set an AppArmor profile to complain mode. Manually activating complain mode (using the command line) adds a flag to the top of the profile so that /bin/foo becomes /bin/foo flags=(complain).

enforce
Set an AppArmor profile to enforce mode from complain mode.
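
Because complain mode is recorded as a flags=(complain) entry in the profile header, profiles that are still in complain mode can be found by reading the profile files. The script below is an added example, not part of the Novell tools; it assumes each profile header is a single line that starts with the program path and ends in " {", and its sample profiles are constructed.

```shell
#!/bin/sh
# Added example (not from the Novell tools): report the mode of each profile
# by reading the header line of the profile files.
# Assumption: a header is one line starting with the program path and ending
# in " {", e.g. "/bin/foo flags=(complain) {".

profile_modes() {   # profile_modes FILE... -> "path<TAB>mode" per profile
    awk '
        /^\// && $NF == "{" {
            mode = "enforce"                      # no complain flag: enforced
            if (match($0, /flags=\([^)]*\)/)) {
                flags = substr($0, RSTART + 7, RLENGTH - 8)
                n = split(flags, f, /[ ,]+/)
                for (i = 1; i <= n; i++)
                    if (f[i] == "complain") mode = "complain"
            }
            print $1 "\t" mode
        }
    ' "$@"
}

count_mode() {      # count_mode MODE FILE... -> number of profiles in MODE
    want=$1; shift
    profile_modes "$@" |
        awk -F '\t' -v want="$want" '$2 == want { n++ } END { print n + 0 }'
}

# Constructed sample profiles (hypothetical programs and rules).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/bin.foo" <<'EOF'
# profile still being developed
/bin/foo flags=(complain) {
  /etc/foo.conf r,
}
EOF
cat > "$sample_dir/usr.sbin.bar" <<'EOF'
/usr/sbin/bar {
  /var/log/bar.log w,
}
EOF

profile_modes "$sample_dir"/*
echo "complain: $(count_mode complain "$sample_dir"/*)"
echo "enforce:  $(count_mode enforce "$sample_dir"/*)"
```

The counts describe the profile files on disk; rcapparmor status reports how many profiles are actually loaded in each mode, so a difference between the two means a changed profile has not been reloaded.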