You are ready to build Novell AppArmor profiles after you select the programs to profile. To do so, it is important to understand the components and syntax of profiles. AppArmor profiles contain several building blocks that help build simple and reusable profile code:
#include statements are used to pull in parts of other AppArmor profiles to simplify the structure of new profiles.
Abstractions are #include statements grouped by common application tasks.
Program chunks are #include statements that contain chunks of profiles that are specific to program suites.
Capability entries are profile entries for any of the POSIX.1e Linux capabilities allowing a fine-grained control over what a confined process is allowed to do through system calls that require privileges.
Network Access Control Entries mediate network access based on the address type and family.
Local variables define shortcuts for paths.
File Access Control Entries specify the set of files an application can access.
rlimit entries set and control an application's resource limits.
For help determining the programs to profile, refer to Section 1.2, Determining Programs to Immunize. To start building AppArmor profiles with YaST, proceed to Section 4.0, Building and Managing Profiles with YaST. To build profiles using the AppArmor command line interface, proceed to Section 5.0, Building Profiles from the Command Line.