mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: update install and enforce mode method.

Browse Source
This commit is contained in:
Alexandre Pujol 2023-04-19 19:23:57 +01:00
parent fdbf58abfb
commit a7014e6ee9
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
3 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/enforce.md
View File

@ -4,14 +4,29 @@ title: Enforce Mode
# Enforce Mode # Enforce Mode
The default package configuration installs all profiles in *complain* mode. The default package configuration installs all profiles in *complain* mode. This is a safety measure to ensure you are not going to break your system on initial install. Once you have tested it and it works fine, you can easily switch to *enforce* mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory.
Once you tested have them and it works fine, you can easily switch to *enforce* mode.
To do this, edit `PKGBUILD` on Archlinux or `debian/rules` on Debian and remove !!! warning
the `--complain` option to the configure script. Then build the package as usual:
When reporting issue. Please ensure the profiles are in complain mode
#### :material-arch: Archlinux
In `PKGBUILD`, replace `make` by `make enforce`:
```diff ```diff
- ./configure --complain - make
+ ./configure + make enforce
``` ```
Do not worry, the profiles that are not considered stable are kept in complain mode. #### :material-ubuntu: Ubuntu & :material-debian: Debian
They can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory.
In `debian/rules`, add the following lines:
```make
override_dh_auto_build:
make enforce
```
#### :simple-suse: OpenSUSE & Partial install
Use the `make enforce` command to build instead of `make`

10
docs/install.md
View File

@ -39,11 +39,11 @@ makepkg -si
!!! note !!! note
The following Archlinux based distributions are supported: If your Archlinux based distribution is not recognized, force it with:
```sh
DISTRIBUTION=arch makepkg -si
```
- [x] CachyOS
- [x] EndeavourOS
- [x] :material-manjaro: Manjaro Linux
## :material-ubuntu: Ubuntu & :material-debian: Debian ## :material-ubuntu: Ubuntu & :material-debian: Debian
@ -63,7 +63,6 @@ sudo dpkg -i ../apparmor.d_*_all.deb
Build and install from source: Build and install from source:
```sh ```sh
./configure --complain
make make
sudo make install sudo make install
sudo systemctl restart apparmor sudo systemctl restart apparmor
@ -80,7 +79,6 @@ For test purposes, you can install specific profiles with the following commands
Abstractions, tunables, and most of the OS dependent post-processing is managed. Abstractions, tunables, and most of the OS dependent post-processing is managed.
```sh ```sh
./configure --complain
make make
sudo make profile-names... sudo make profile-names...
``` ```

3
docs/report.md
View File

@ -7,6 +7,9 @@ title: Report AppArmor logs
The **[aa-log](/usage/#apparmor-log)** tool reports all AppArmor `DENIED` and The **[aa-log](/usage/#apparmor-log)** tool reports all AppArmor `DENIED` and
`ALLOWED`. It should be used to fix AppArmor related issues. `ALLOWED`. It should be used to fix AppArmor related issues.
While testing, if something get wrong, you need to put the profile in complain mode,
to that you can investigate and it does not block your program.
When creating [an issue on Github][newissue]. Please ensure you post a link to When creating [an issue on Github][newissue]. Please ensure you post a link to
the [paste] of the AppArmor audit log: `/var/log/audit/audit.log`. the [paste] of the AppArmor audit log: `/var/log/audit/audit.log`.