mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 17:01:00 +01:00
ac53d2c30e
files (they should be included with the relavent individual packages). Made package build in new novell forge environment.
100 lines
2.7 KiB
Text
100 lines
2.7 KiB
Text
# $Id$
|
|
# This publication is intellectual property of Novell Inc. Its contents
|
|
# can be duplicated, either in part or in whole, provided that a copyright
|
|
# label is visibly located on each copy.
|
|
#
|
|
# All information found in this book has been compiled with utmost
|
|
# attention to detail. However, this does not guarantee complete accuracy.
|
|
# Neither SUSE LINUX GmbH, the authors, nor the translators shall be held
|
|
# liable for possible errors or the consequences thereof.
|
|
#
|
|
# Many of the software and hardware descriptions cited in this book
|
|
# are registered trademarks. All trade names are subject to copyright
|
|
# restrictions and may be registered trade marks. SUSE LINUX GmbH
|
|
# essentially adheres to the manufacturer's spelling.
|
|
#
|
|
# Names of products and trademarks appearing in this book (with or without
|
|
# specific notation) are likewise subject to trademark and trade protection
|
|
# laws and may thus fall under copyright restrictions.
|
|
#
|
|
# Please direct suggestions and comments to apparmor-general@forge.novell.com.
|
|
|
|
|
|
=pod
|
|
|
|
=head1 NAME
|
|
|
|
apparmor_status - display various information about the current AppArmor
|
|
policy.
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<apparmor_status> [option]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
B<apparmor_status> will report various aspects of the current state of
|
|
AppArmor confinement. By default, it displays the same information as if
|
|
the I<--verbose> argument were given. A sample of what this looks like
|
|
is:
|
|
|
|
apparmor module is loaded.
|
|
110 profiles are loaded.
|
|
102 profiles are in enforce mode.
|
|
8 profiles are in complain mode.
|
|
Out of 129 processes running:
|
|
13 processes have profiles defined.
|
|
8 processes have profiles in enforce mode.
|
|
5 processes have profiles in complain mode.
|
|
|
|
Other argument options are provided to report individual aspects, to
|
|
support being used in scripts.
|
|
|
|
=head1 OPTIONS
|
|
|
|
B<apparmor_status> accepts only one argument at a time out of:
|
|
|
|
=over 4
|
|
|
|
=item --enabled
|
|
|
|
returns error code if AppArmor is not enabled.
|
|
|
|
=item --profiled
|
|
|
|
displays the number of loaded AppArmor policies.
|
|
|
|
=item --enforced
|
|
|
|
displays the number of loaded enforcing AppArmor policies.
|
|
|
|
=item --complaining
|
|
|
|
displays the number of loaded non-enforcing AppArmor policies.
|
|
|
|
=item --verbose
|
|
|
|
displays multiple data points about loaded AppArmor policy
|
|
set (the default action if no arguments are given).
|
|
|
|
=item --help
|
|
|
|
displays a short usage statement.
|
|
|
|
=back
|
|
|
|
=head1 BUGS
|
|
|
|
B<apparmor_status> must be run as root to read the state of the loaded
|
|
policy from the apparmor module. It uses the /proc filesystem to determine
|
|
which processes are confined and so is susceptible to race conditions.
|
|
|
|
If you find any additional bugs, please report them to bugzilla at
|
|
L<http://bugzilla.novell.com>.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
apparmor(7), apparmor.d(5), and
|
|
L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
|
|
|
|
=cut
|