.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "AA-EASYPROF 8" .TH AA-EASYPROF 8 "2012-07-16" "AppArmor 2.7.103" "AppArmor" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" aa\-easyprof \- AppArmor profile generation made easy. .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBaa-easyprof\fR [option] .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fBaa-easyprof\fR provides an easy to use interface for AppArmor policy generation. \fBaa-easyprof\fR supports the use of templates and policy groups to quickly profile an application. Please note that while this tool can help with policy generation, its utility is dependent on the quality of the templates, policy groups and abstractions used. Also, this tool may create policy which is less restricted than creating policy by hand or with \&\fBaa-genprof\fR and \fBaa-logprof\fR. .SH "OPTIONS" .IX Header "OPTIONS" \&\fBaa-easyprof\fR accepts the following arguments: .IP "\-t \s-1TEMPLATE\s0, \-\-template=TEMPLATE" 4 .IX Item "-t TEMPLATE, --template=TEMPLATE" Specify which template to use. May specify either a system template from /usr/share/apparmor/easyprof/templates or a filename for the template to use. If not specified, use /usr/share/apparmor/easyprof/templates/default. .IP "\-p \s-1POLICYGROUPS\s0, \-\-policy\-groups=POLICYGROUPS" 4 .IX Item "-p POLICYGROUPS, --policy-groups=POLICYGROUPS" Specify \s-1POLICY\s0 as a comma-separated list of policy groups. See \-\-list\-templates for supported policy groups. The available policy groups are in /usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of AppArmor rules or policies. They are similar to AppArmor abstractions, but usually encompass more policy rules. .IP "\-a \s-1ABSTRACTIONS\s0, \-\-abstractions=ABSTRACTIONS" 4 .IX Item "-a ABSTRACTIONS, --abstractions=ABSTRACTIONS" Specify \s-1ABSTRACTIONS\s0 as a comma-separated list of AppArmor abstractions. It is usually recommended you use policy groups instead, but this is provided as a convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions. See \fIapparmor.d\fR\|(5) for details. .IP "\-r \s-1PATH\s0, \-\-read\-path=PATH" 4 .IX Item "-r PATH, --read-path=PATH" Specify a \s-1PATH\s0 to allow owner reads. May be specified multiple times. If the \&\s-1PATH\s0 ends in a '/', then \s-1PATH\s0 is treated as a directory and reads are allowed to all files under this directory. Can optionally use '/*' at the end of the \&\s-1PATH\s0 to only allow reads to files directly in \s-1PATH\s0. .IP "\-w \s-1PATH\s0, \-\-write\-dir=PATH" 4 .IX Item "-w PATH, --write-dir=PATH" Like \-\-read\-path but also allow owner writes in additions to reads. .IP "\-n \s-1NAME\s0, \-\-name=NAME" 4 .IX Item "-n NAME, --name=NAME" Specify \s-1NAME\s0 of policy. If not specified, \s-1NAME\s0 is set to the name of the binary. The \s-1NAME\s0 of the policy is often used as part of the path in the various templates. .ie n .IP "\-\-template\-var=""@{\s-1VAR\s0}=VALUE""" 4 .el .IP "\-\-template\-var=``@{\s-1VAR\s0}=VALUE''" 4 .IX Item "--template-var=@{VAR}=VALUE" Set \s-1VAR\s0 to \s-1VALUE\s0 in the resulting policy. This typically only makes sense if the specified template uses this value. May be specified multiple times. .IP "\-\-list\-templates" 4 .IX Item "--list-templates" List available templates. .IP "\-\-show\-template=TEMPLATE" 4 .IX Item "--show-template=TEMPLATE" Display template specified with \-\-template. .IP "\-\-templates\-dir=PATH" 4 .IX Item "--templates-dir=PATH" Use \s-1PATH\s0 instead of system templates directory. .IP "\-\-list\-policy\-groups" 4 .IX Item "--list-policy-groups" List available policy groups. .IP "\-\-show\-policy\-group" 4 .IX Item "--show-policy-group" Display policy groups specified with \-\-policy. .IP "\-\-policy\-groups\-dir=PATH" 4 .IX Item "--policy-groups-dir=PATH" Use \s-1PATH\s0 instead of system policy-groups directory. .IP "\-\-author" 4 .IX Item "--author" Specify author of the policy. .IP "\-\-copyright" 4 .IX Item "--copyright" Specify copyright of the policy. .IP "\-\-comment" 4 .IX Item "--comment" Specify comment for the policy. .SH "EXAMPLE" .IX Header "EXAMPLE" Example usage for a program named 'foo' which is installed in /opt/foo: .Sp .RS 4 $ aa-easyprof \-\-template=user\-application \-\-template\-var=\*(L"@{\s-1APPNAME\s0}=foo\*(R" \-\-policy\-groups=opt\-application,user\-application /opt/foo/bin/FooApp .RE .SH "BUGS" .IX Header "BUGS" If you find any additional bugs, please report them to Launchpad at . .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIapparmor\fR\|(7) \fIapparmor.d\fR\|(5)