From Linux Man Pages
enforce - AppArmor security profile to enforce mode from complain mode.
SYNOPSIS
enforce [ -d /path/to/profiles ] [program1 program2...] OR enforce [
-d /path/to/profiles ] [profile1 profile2...]
DESCRIPTION
enforce is used to set the enforcement mode for one or more profiles to
enforce. This command is only relevant is conjuction with the utility
complain which sets a profile to complain mode. The default mode for a
security policy is enforce and the complain utility must be run to
change this behavior.
If the program is not in your path, you should specify the entire path,
as follows: enforce /sbin/program1
If the profiles are not in /etc/subdomain.d, type the following to
override the default location: enforce /path/to/profiles/ program1
Alternately, you can specify the profile for program1, as follows:
enforce /etc/subdomain.d/sbin.program1
Each of the above commands will activate enforce mode for the pro-
files/programs listed. If you don.t enter the program or profile
name(s), you will be prompted to enter one. /path/to/profiles over-
rides the default location of /etc/subdomain.d. The argument can be
either a list of programs or a list of profiles. If the program name
does not include its entire path, then enforce searches $PATH for the
program. For instance, .enforce /usr/sbin/*. will find profiles associ-
ated with all of the programs in /usr/sbin and put them into enforce
mode, and .enforce /etc/subdomain.d/*. will put all of the profiles in
/etc/subdomain.d into enforce mode.
BUGS None.
RELATED
subdomain(7), subdomain.d(5), complain(1), and hange_hat(2).
CATEGORY