3.3 Editing Profiles

Novell AppArmor enables you to manually edit Novell AppArmor profiles by adding, editing, or deleting entries. To edit a profile, proceed as follows:

  1. Start YaST and select Novell AppArmor > Edit Profile.

    Choose profile to edit
  2. From the list of profiled applications, select the profile to edit.

  3. Click Next. The AppArmor Profile Dialog window displays the profile.

    AppArmor profile dialog
  4. In the AppArmor Profile Dialog window, you can add, edit, or delete Novell AppArmor profile entries by clicking the corresponding buttons and referring to Adding an Entry, Editing an Entry, or Deleting an Entry.

  5. When you are finished, click Done.

  6. In the pop-up that appears, click Yes to confirm your changes to the profile and reload the AppArmor profile set.

HINT: Syntax Checking in AppArmor

AppArmor contains a syntax check that will notify you of any syntax errors in profiles you are trying to process with the YaST AppArmor tools. Should an error occur, edit the respective profile manually as root and reload the profile set with the rcapparmor reload command.

3.3.1 Adding an Entry

The Add Entry option can be found in Section 3.2, Manually Adding a Profile or Section 3.3, Editing Profiles. When you select Add Entry, a drop-down list displays the types of entries you can add to the Novell AppArmor profile.

From the list, select one of the following:

File

In the pop-up window, specify the absolute path of a file, including the type of access permitted. When finished, click OK.

You can use globbing if necessary. For globbing information, refer to Section 4.7, Pathnames and Globbing. For file access permission information, refer to Section 4.8, File Permission Access Modes.

Select a file to add

Directory

In the pop-up window, specify the absolute path of a directory, including the type of access permitted. You can use globbing if necessary. When finished, click OK.

For globbing information, refer to Section 4.7, Pathnames and Globbing. For file access permission information, refer to Section 4.8, File Permission Access Modes.

Select a directory to add

Capability

In the pop-up window, select the appropriate capabilities. These are statements that enable each of the 32 POSIX.1e capabilities. Refer to Section 2.1, Breaking a Novell AppArmor Profile into Its Parts for more information about capabilities. When finished making your selections, click OK.

Select capabilities

Include

In the pop-up window, browse to the files to use as includes. Includes are directives that pull in components of other Novell AppArmor profiles to simplify profiles. For more information, refer to Section 2.2, #include Statements.

Select includes

Hat

In the pop-up window, specify the name of the subprofile (hat) to add to your current profile and click Create Hat. For more information, refer to Section 5.0, Profiling Your Web Applications Using ChangeHat.
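
How the five entry types listed above look in the profile text itself, shown as an added example that is not part of the original documentation. The program path /usr/bin/example, its file and directory paths, the chosen capability, and the hat name admin are all constructed for illustration.

```apparmor
# Constructed profile for a hypothetical program, /usr/bin/example.
/usr/bin/example {

  # Entry type "Include": pulls in rules shared with other profiles.
  #include <abstractions/base>

  # Entry type "Capability": one statement per capability granted.
  capability net_bind_service,

  # Entry type "File": absolute path followed by the access mode
  # (r = read only).
  /etc/example.conf r,

  # Entry type "Directory": the trailing slash names the directory
  # itself; the ** glob matches files and subdirectories beneath it
  # at any depth.
  /var/log/example/ r,
  /var/log/example/** rw,

  # Entry type "Hat": a subprofile with its own, separate rule set.
  ^admin {
    #include <abstractions/base>
    /etc/example/admin.conf r,
  }
}
```

If you edit a profile like this by hand rather than through YaST, reload the profile set with rcapparmor reload, as described in the hint above.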

3.3.2 Editing an Entry

When you select Edit Entry, the file browser pop-up window opens. From here, you can edit the selected entry.

In the pop-up window, specify the absolute path of a file, including the type of access permitted. You can use globbing if necessary. When finished, click OK.

Edit an entry

For globbing information, refer to Section 4.7, Pathnames and Globbing. For file access permission information, refer to Section 4.8, File Permission Access Modes.

3.3.3 Deleting an Entry

To delete an entry in a given profile, select Delete Entry. Novell AppArmor removes the selected profile entry.