Talk:AppArmor

From ArchWiki
Latest comment: 18 November 2022 by Nl6720 in topic What really do profiles do?

About the order of Install, kernel parameter, and apparmor.service

I guess Apparmor 's order seem some messy. Mybe we should give a list to make people have a more easy way to read this wiki?

Such:

For linux

1. Install apparmor

2. Modify your kernel parameter

3. Enable apparmor.service

For custom kernel

......

Dragonwater (talk) 03:37, 28 July 2020 (UTC)Reply[reply]

What really do profiles do?

I don't really understand how exactly profiles work. I've just installed apparmor and I've got a bunch of profiles in /etc/apparmor.d/. These are named after, in some cases, applications and, in other cases, something else (maybe?). If I enable apparmor.service, I'm enabling all these profiles? Why would I want to do that when half the things I've never even heard of? If I use different applications, am I supposed to write different profiles? I don't really get any sense from the article as it stands of what I might reasonably expect apparmor to do for me and how to get it to do it. I feel as if it's designed for a different system, but I don't know if that just means it makes no sense to use it or if I'm not understanding what it does. --cfr (talk) 01:01, 16 November 2022 (UTC)Reply[reply]

See AppArmor FAQ: What is a Profile? Policy?.
If no profile applies to an application, it is not confined. In that case you can write a profile yourself.
-- nl6720 (talk) 10:14, 18 November 2022 (UTC)Reply[reply]