openSUSE-Dokumentation
Novell AppArmor (2.3) Quick Start / 6. Example Profile
Prev5. Learning Mode7. Structure of a ProfileNext

Example Profile

#include<tunables/global>

@{HOME} = /home/*/ /root/ # variable

/usr/bin/foo {
   #include <abstractions/base>
   network inet tcp,
   capability setgid,

   /bin/mount          ux,
   /dev/{,u}random     r,
   /etc/ld.so.cache    r,
   /etc/foo/*          r,
   /lib/ld-*.so*       mr,
   /lib/lib*.so*       mr,
   /proc/[0-9]**       r,
   /usr/lib/**         mr,
   /tmp/               r,
   /tmp/foo.pid        wr,
   /tmp/foo.*          lrw,
   /@{HOME}/.foo_file  rw,
   /@{HOME}/.foo_lock  kw,

   link /etc/sysconfig/foo -> /etc/foo.conf,
   deny /etc/shadow    w,
   owner /home/*/**    rw,

   /usr/bin/foobar     cx,
   /bin/**             px -> bin_generic

  # comment on foo's local profile, foobar.
   foobar {
    /bin/bash        rmix,
    /bin/cat         rmix,
    /bin/more        rmix,
    /var/log/foobar* rwl,
    /etc/foobar      r,
   } 
}
Prev5. Learning ModeHome7. Structure of a ProfileNext