4
Click File > Quit in the YaST Control Center.
3.6.2 Changing the Mode of Individual
Profiles
AppArmor can apply profiles in two different modes. In complain or learning mode,
violations of AppArmor profile rules, such as the profiled program accessing files not
permitted by the profile, are detected. The violations are permitted, but also logged.
This mode is convenient for developing profiles and is used by the AppArmor tools for
generating profiles. Loading a profile in enforce mode enforces the policy defined in
the profile and reports policy violation attempts to syslogd.
The Profile Modes dialog allows you to view and edit the mode of currently loaded
AppArmor profiles. This feature is useful for determining the status of your system
during profile development. During the course of systemic profiling (see
Section 4.6.2,
“Systemic Profiling”
(page 54)), you can use this tool to adjust and monitor the scope
of the profiles for which you are learning behavior.
To edit an application's profile mode, proceed as follows:
1
Start YaST and select Novell AppArmor > AppArmor Control Panel.
2
In the Configure Profile Modes section, select Configure.
3
Select the profile for which to change the mode.
4
Select Toggle Mode to set this profile to complain mode or to enforce mode.
5
Apply your settings and leave YaST with Done.
To change the mode of all profiles, use Set All to Enforce or Set All to Complain.
TIP: Listing the Profiles Available
By default, only active profiles are listed—any profile that has a matching ap-
plication installed on your system. To set up a profile before installing the re-
spective application, click Show All Profiles and select the profile to configure
from the list that appears.
Building and Managing Profiles with YaST
47
