8:apparmor parser

From Linux Man Pages

      apparmor_parser - loads AppArmor profiles into the kernel
      

Contents 1 SYNOPSIS 2 DESCRIPTION 3 OPTIONS 4 BUGS 5 RELATED 6 CATEGORY

SYNOPSIS

      apparmor_parser [-adrR] [--add] [--debug]  [--replace] [--remove]
                        [--preprocess] [--Include n] [--base n] [ --Complain ]
 
      apparmor_parser [-hv] [--help] [--version]

DESCRIPTION

      apparmor_parser is used to import new apparmor.d(5) profiles into the Linux kernel. The profiles restrict the
      operations available to processes by executable name.
 
      The profiles are loaded into the Linux kernel by the apparmor_parser program, which takes its input from standard
      input. The input supplied to apparmor_parser should be in the format described in apparmor.d(5).

OPTIONS

      -a, --add
          Insert the AppArmor definitions given into the kernel. This is the default action. This gives an error mes-
          sage if a AppArmor definition by the same name already exists in the kernel, or if the parser doesn't under-
          stand its input. It reports when an addition succeeded.
 
      -r, --replace
          This flag is required if an AppArmor definition by the same name already exists in the kernel; used to
          replace the definition already in the kernel with the definition given on standard input.
 
      -R, --remove
          This flag is used to remove an AppArmor definition already in the kernel.  Note that it still requires a com-
          plete AppArmor definition as described in apparmor.d(5) even though the contents of the definition aren't
          used.
 
      -p, --preprocess
          Parse the profile(s) and process include directives and output the result to stdout.
 
      -I n, --Include n
          Add element n to the search path when resolving #include directives defined as an absolute paths.
 
      -b n, --base n
          Set the base directory for resolving #include directives defined as relative paths.
 
      -C, --Complain
          Load the profile in complain mode.
 
      -h, --help
          Give a quick reference guide.
 
      -v, --version
          Print the version number and exit.
 
      -d, --debug
          Given once, only checks the profiles to ensure syntactic correctness.  Given twice, dumps its interpretation
          of the profile for checking.

BUGS

      None known. If you find any, please report them to bugzilla at <http://bugzilla.novell.com>.

RELATED

      apparmor(7), apparmor.d(5), subdomain.conf(5), change_hat(2), and <http://forge.novell.com/mod-
      ules/xfmod/project/?apparmor>.

CATEGORY