User
’
s
Gui
de
56
enforce /etc/subdomain.d/sbin.
program1
Each of the above commands will activate enforce mode for the pro-
files/programs listed.
I
f
you
don’
t
ent
er
t
he
pr
ogr
am
or
pr
of
i
l
e
name(
s)
,
you
wi
l
l
be
pr
ompt
ed
to enter one.
/path/to/profiles
overrides the default location of
/etc/subdomain.d
.
The argument can be either a list of programs or a list of profiles. If the
program name does not include its entire path, then
enforce
sear
ches
$PATH
f
or
t
he
pr
ogr
am.
For
i
nst
ance,
“
enforce
/usr/sbin/*
”
wi
l
l
f
i
nd
pr
of
i
l
es
associ
at
ed
wi
t
h
al
l
of
t
he
pr
ogr
ams
i
n
/usr/sbin
and
put
t
hem
i
nt
o
enf
or
ce
mode,
and
“
enforce
/etc/subdomain.d/*
”
wi
l
l
put
al
l
of
t
he
pr
of
i
l
es
i
n
/etc/subdo-
main.d
into enforce mode.
Genprof
Genpr
of
(
or
Gener
at
e
Pr
of
i
l
e)
i
s
Novel
l
AppAr
mor
’
s
pr
of
i
l
e
gener
at
i
ng
utility. It Autodeps the specified program, creating an
approximate
pro-
file (if a profile doesn't already exist for it), sets it to complain mode,
reloads it into Novell AppArmor, marks the syslog, and prompts the
user to execute the program and exercise its functionality.
genprof [ -d /path/to/profiles ]
program
If you were to create a profile for the the Apache web server program
httpd2-prefork
, you would type the following at a root shell prompt:
1.
/etc/init.d/apache2 stop
2.
Next, type
genprof httpd2-prefork
Now Genprof will do the following:
•
Resolve the full path of
httpd2-prefork
based
on
your
shel
l
’
s
path variables. You can also specify a full path. On SuSE LINUX
Enterprise Server 9, the full path is:
/usr/sbin/httpd2-pre-
fork
•
Check to see if there is an existing profile for
httpd2-prefork
.
If there is one already, then
genprof
will update it. If not, then
genprof
creates one using the
autodep
program described in
