1
# $Id: genprof.pod 190 2006-11-03 09:47:55Z seth_arnold $
2
# This publication is intellectual property of Novell Inc. Its contents
3
# can be duplicated, either in part or in whole, provided that a copyright
4
# label is visibly located on each copy.
6
# All information found in this book has been compiled with utmost
7
# attention to detail. However, this does not guarantee complete accuracy.
8
# Neither SUSE LINUX GmbH, the authors, nor the translators shall be held
9
# liable for possible errors or the consequences thereof.
11
# Many of the software and hardware descriptions cited in this book
12
# are registered trademarks. All trade names are subject to copyright
13
# restrictions and may be registered trade marks. SUSE LINUX GmbH
14
# essentially adheres to the manufacturer's spelling.
16
# Names of products and trademarks appearing in this book (with or without
17
# specific notation) are likewise subject to trademark and trade protection
18
# laws and may thus fall under copyright restrictions.
20
# Please direct suggestions and comments to apparmor-general@forge.novell.com.
27
genprof - profile generation utility for AppArmor
31
B<genprof I<E<lt>executableE<gt>> [I<-d /path/to/profiles>]>
35
B<-d --dir /path/to/profiles>
37
Specifies where to look for the AppArmor security profile set.
38
Defaults to /etc/apparmor.d.
43
When running genprof, you must specify a program to profile. If the
44
specified program is not a fully-qualified path, genprof will search $PATH
45
in order to find the program.
47
If a profile does not exist for the program, genprof will create one using
52
- set the profile to complain mode
54
- write a mark to the system log
56
- instruct the user to start the application to
57
be profiled in another window and exercise its functionality
59
It then presents the user with two options, (S)can system log for entries
60
to add to profile and (F)inish.
62
If the user selects (S)can or hits return, genprof will parse
63
the complain mode logs and iterate through generated violations
66
After the user finishes selecting profile entries based on violations
67
that were detected during the program execution, genprof will reload
68
the updated profiles in complain mode and again prompt the user for (S)can and
69
(D)one. This cycle can then be repeated as neccesary until all application
70
functionality has been exercised without generating access violations.
72
When the user eventually hits (F)inish, genprof will set the main profile,
73
and any other profiles that were generated, into enforce mode and exit.
77
None. Please report any you find to bugzilla at
78
L<http://bugzilla.novell.com>.
82
apparmor(7), apparmor.d(5), enforce(1), complain(1), change_hat(2),
83
logprof(1), logprof.conf(5), and
84
L<http://forge.novell.com/modules/xfmod/project/?apparmor>.