Skip to content

AppArmor.d

Profile / Subprofile

roddhjav/apparmor.d

AppArmor.d

roddhjav/apparmor.d

Home
Home
- Home
  Home
- Getting Started
  Getting Started
- Advanced
  Advanced
- Troubleshooting
  Troubleshooting
  - Known issues
  - System Recovery
Security
Security
- Security
  Security
- Security Model
  Security Model
- Implementation
  Implementation
  - Security Architecture
  - Security Hardening
Development
Development
- Development
  Development
  - Roadmap
- Profiles
  Profiles
  - Workflow
  - Guidelines
  - Internal
  - Directives
  - Dbus
  - Recommendations
- Packages
  Packages
  - Building the profiles
- Tests
  Tests
Abstractions
Abstractions
- Abstractions
  Abstractions
- Layers
  Layers
- System
  System
- Specialized
  Specialized
Linter
Linter
- Linter
  Linter
- Security Checks
  Security Checks
- Compatibility Checks
  Compatibility Checks
  - Abi
  - Bin
  - Directory Mark
  - Equivalent
- Style Checks
  Style Checks
  - Header
  - Local include
  - Profile / Subprofile Profile / Subprofile
    On this page
    
    Problematic rule
    
    Correct rule
    
    Rationale
    
    Exceptions
  - Tabs
  - Trailing space
  - Useless rule
  - Vim syntax

`profile` / `subprofile`¶

Missing or incorrect profile name.

Problematic rule¶

cat /etc/apparmor.d/foo
# WRONG
profile myfoo {
  ...
}

cat /etc/apparmor.d/foo
# WRONG
profile @{bin}/foo {
  ...
}

Correct rule¶

cat /etc/apparmor.d/foo
profile foo {
  ...
}

cat /etc/apparmor.d/foo
# WRONG
profile foo @{bin}/foo {
  ...
}

Rationale¶

AppArmor profiles and subprofiles must have a name that matches the filename of the profile. Old syntax that includes profile attachment instead of a profile name must be avoided.

Exceptions¶

None