apparmor.d/docs/enforce.md

63 lines
1.8 KiB
Markdown
Raw Normal View History

2023-01-29 22:18:22 +01:00
---
title: Enforce Mode
---
2023-10-21 01:13:30 +02:00
The default package configuration installs all profiles in *complain* mode. This is a safety measure to ensure you are not going to break your system on initial installation. Once you have tested it, and it works fine, you can easily switch to *enforce* mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory.
2024-08-30 21:38:30 +02:00
!!! danger
2024-08-30 21:38:30 +02:00
- You **must** test in complain mode first and ensure your system works as expected.
- You **must** regularly check AppArmor log with [`aa-log`](usage.md#apparmor-log) and [report](report.md) issues first.
- When reporting an issue, you **must** ensure the affected profiles are in complain mode.
2023-04-24 13:18:57 +02:00
2024-08-30 21:38:30 +02:00
=== ":material-arch: Archlinux"
2024-08-30 21:38:30 +02:00
In the `PKGBUILD`, replace `make` by `make enforce`:
2023-01-29 22:18:22 +01:00
2024-08-30 21:38:30 +02:00
```diff
- make DISTRIBUTION=arch
+ make enforce DISTRIBUTION=arch
```
2024-08-30 21:38:30 +02:00
Then, build the package with: `make pkg`
2024-08-30 21:38:30 +02:00
=== ":material-ubuntu: Ubuntu"
2024-08-30 21:38:30 +02:00
In `debian/rules`, add the following lines:
2024-01-28 00:13:43 +01:00
2024-08-30 21:38:30 +02:00
```make
override_dh_auto_build:
make enforce
```
2024-01-28 00:13:43 +01:00
2024-08-30 21:38:30 +02:00
Then, build the package with: `make dpkg`
2024-08-30 21:38:30 +02:00
=== ":material-debian: Debian"
In `debian/rules`, add the following lines:
```make
override_dh_auto_build:
make enforce
```
Then, build the package with: `make dpkg`
=== ":simple-suse: openSUSE"
In `dists/apparmor.d.spec`, replace `%make_build` by `%make_build enforce`
```diff
- %make_build
+ %make_build enforce
```
Then, build the package with: `make rpm`
=== ":material-home: Partial Install"
Use the `make enforce` command to build instead of `make`
[aur]: https://aur.archlinux.org/packages/apparmor.d-git