Novell AppArmor Administration Guide

Novell® AppArmor is designed to provide easy-to-use application security for both servers and workstations. Novell AppArmor is an access control system that lets you specify, per program, which files the program may read, write, and execute. AppArmor secures applications by enforcing good application behavior without relying on attack signatures, so it can prevent attacks even if they exploit previously unknown vulnerabilities.

Novell AppArmor consists of:

This guide covers the following topics:

Immunizing Programs

Describes the operation of Novell AppArmor and the types of programs that should have Novell AppArmor profiles created for them.

Profile Components and Syntax

Introduces the profile components and syntax.

Building and Managing Profiles With YaST

Describes how to use the AppArmor YaST modules to build, maintain and update profiles.

Building Profiles via the Command Line

Describes how to use the AppArmor command line tools to build, maintain and update profiles.

Profiling Your Web Applications Using ChangeHat

Enables you to create subprofiles for the Apache Web server that allow you to tightly confine small sections of Web application processing.

Managing Profiled Applications

Describes how to perform Novell AppArmor profile maintenance, which involves tracking common issues and concerns.


Indicates support options for this product.


Provides a list of terms and their definitions.


We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there.

Documentation Conventions

The following typographical conventions are used in this manual:

  • /etc/passwd: filenames and directory names

  • placeholder: replace placeholder with the actual value

  • PATH: the environment variable PATH

  • ls, --help: commands, options, and parameters

  • user: users or groups

  • Alt, Alt+F1: a key to press or a key combination; keys are shown in uppercase as on a keyboard

  • File, File > Save As: menu items, buttons

  • Dancing Penguins (Chapter Penguins, ↑Reference): This is a reference to a chapter in another book.

Source Code

The source code of openSUSE is publicly available. To download the source code, proceed as outlined under If requested we send you the source code on a DVD. We need to charge a $15 or €15 fee for creation, handling and postage. To request a DVD of the source code, send an e-mail to or mail the request to:

SUSE Linux Products GmbH
Product Management openSUSE
Maxfeldstr. 5
D-90409 Nürnberg