mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 00:41:03 +01:00
adf19138d5
... and document how to create them if you still want them. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/337
27 lines
1.2 KiB
Text
27 lines
1.2 KiB
Text
# This directory is intended to contain profile additions and overrides for
|
|
# inclusion by distributed profiles to aid in packaging AppArmor for
|
|
# distributions.
|
|
#
|
|
# The shipped profiles in /etc/apparmor.d can still be modified by an
|
|
# administrator and people should modify the shipped profile when making
|
|
# large policy changes, rather than trying to make those adjustments here.
|
|
#
|
|
# For simple access additions or the occasional deny override, adjusting them
|
|
# here can prevent the package manager of the distribution from interfering
|
|
# with local modifications. As always, new policy should be reviewed to ensure
|
|
# it is appropriate for your site.
|
|
#
|
|
# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
|
|
# include <local/usr.sbin.smbd>
|
|
# or
|
|
# include if exists <local/usr.sbin.smbd>
|
|
#
|
|
# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd
|
|
# (create the file if it doesn't exist yet) to contain any additional paths
|
|
# to be allowed, such as:
|
|
#
|
|
# /var/exports/** lrwk,
|
|
#
|
|
# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't
|
|
# be able to allow access to files that are explicitly denied by the shipped
|
|
# profile using this mechanism.
|