Diffstat (limited to 'core/apparmor.html')
-rw-r--r-- | core/apparmor.html | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/core/apparmor.html b/core/apparmor.html index 0052a68..8b7a30c 100644 --- a/core/apparmor.html +++ b/core/apparmor.html @@ -109,6 +109,35 @@ <h3 id="auto_profiles">Create profile with audit</h3> + <p>Tools use log as a source to build profiles, it is + necessary to disable log rate limit;</p> + + <pre> + # sysctl -w kernel.printk_ratelimit=0 + </pre> + + <p>Start aa-genprof;</p> + + <pre> + $ sudo aa-genprof /usr/bin/lynx + </pre> + + <p>Execute application with all common application options + and parts;</p> + + <P>After initial automatic configuration enable profile in + complain mode. Use aa-logprof when rules need to be adapted.</p> + + <pre> + # aa-logprof + </pre> + + <p>Once profile rules become well defined enable profile in + enforce mode with aa-enforce;</p> + + <p>Monitor logs with aa-notify;</a> + + <h3 id="man_profiles">Create profile manually</h3> <p>To create a new profile, let's say for lynx, @@ -136,8 +165,6 @@ } </pre> - - <a href="index.html">Core OS Index</a> <p>This is part of the Hive System Documentation. Copyright (C) 2019 |
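Review bot: the markup in the first hunk (the new text under "Create profile with audit") is malformed in two places. The last added paragraph, `<p>Monitor logs with aa-notify;</a>`, closes with `</a>` where `</p>` is needed, and the "After initial automatic configuration" paragraph opens with an uppercase `<P>` while the other added paragraphs use `<p>`. Separately, `sysctl -w kernel.printk_ratelimit=0` is set at the start and the added steps never restore it; suggest a final step that sets it back to its previous value once the profile is in enforce mode, so log rate limiting is not left disabled. The aa-enforce and aa-notify steps would also read better with a `<pre>` command line like the aa-genprof and aa-logprof steps have.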
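Review bot: the two deletions in the second hunk (after the closing `</pre>` of the manual profile example) are unrelated to the new audit section and are easy to miss in review. If they are whitespace-only cleanup, they belong in a separate commit; if the `<a href="index.html">Core OS Index</a>` line is one of them, the page loses its link back to the index, and that should be a deliberate, stated change.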