Scroll to navigation

DH_APPARMOR(1) Debhelper DH_APPARMOR(1)

NAME

dh_apparmor - reload AppArmor profile and create local include

SYNOPSIS

dh_apparmor [--manifest=manifestfile] --profile-name=profilename

DESCRIPTION

dh_apparmor is a debhelper program that will create/remove the /etc/apparmor.d/local/<profilename> include file in maintainer scripts. It also reloads the specified AppArmor profile in postinst using:

apparmor_parser -r -W -T /etc/apparmor.d/<profilename>

By using '-W -T' we ensure that any abstraction updates are also pulled in.

OPTIONS

--profile-name=<profilename>
Specify the profile name. Eg:

dh_apparmor --profile-name=bin.foo dh_apparmor --profile-name=bin.foo -p foo

--manifest=<manifestfile>
Optionally specify a manifest file. When specified, a profile is generated by calling aa-easyprof(8) with the specified manifest file and putting the resulting profile in debian/apparmor/<profilename>. Eg, if there is a valid manifest in debian/manifest.json, then the following command will create debian/apparmor/bin.bar for the 'bar' package (you will need to clean this up via override_dh_clean or similar).

dh_apparmor --manifest=manifest.json --profile-name=bin.bar -p bar

Because not all build environments support the apparmor kernel interface, aa-easyprof(8) is called with the --no-verify option. Use of this option requires that apparmor-easyprof is installed.

NOTES

When using modern dh packaging techniques, dh_apparmor can be added to the override_dh_install section of the rules file. Note that for packages that have multiple binary packages, you will want to pass '-p<package name>' to dh_apparmor, otherwise dh_apparmor will add AppArmor reload commands for all packages rather than just the one that ships the profile.

In addition, you will have to install the profile itself in /etc/apparmor.d. Eg, in the above manifest file example if you are using dh_install you would add to debian/bar.install:

debian/apparmor/bin.bar etc/apparmor.d

SEE ALSO

debhelper(7) aa-easyprof(8)

This program is a part of debhelper.

AUTHOR

Jamie Strandboge <jamie@canonical.com>
2019-09-08 2.13.3-5