NAME
/etc/apparmor/subdomain.conf - configuration file for fine-tuning the behavior
of the AppArmor security tool.
DESCRIPTION
The AppArmor security tool can be configured to have certain default behaviors
based on configuration options set in subdomain.conf. There are two variables
that can be set in subdomain.conf: SUBDOMAIN_PATH and SUBDOMAIN_MODULE_PANIC.
SUBDOMAIN_PATH
This variable accepts a string (path) and is set by default to
'/etc/apparmor.d/'. It defines where the AppArmor security tool
looks for its policy definitions (a.k.a. AppArmor profiles).
SUBDOMAIN_MODULE_PANIC
This variable accepts a string that is one of four values: warn, build,
panic, or build-panic, and is set by default to warn.
This setting controls the behavior of the AppArmor initscript if it cannot
successfully load the AppArmor kernel module on startup. The four possible
settings are:
- warn: Log a failure message (the default behavior).
- build: Attempt to build the AppArmor module against the currently
  running kernel. If the compilation is successful, the module will be
  loaded and AppArmor started; if the compilation fails, a failure message
  is logged.
- panic: Log a failure message and drop to runlevel 1 (single user).
- build-panic: Attempt to build the module against the running kernel
  (like build) and if the compilation fails, drop to runlevel 1
  (single user).
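
The following read-only check of the two variables is an added example, not part of AppArmor or of the original page. It assumes subdomain.conf holds shell-style NAME=value lines (the page does not state the syntax); the function names and effect labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit subdomain.conf without sourcing (executing) it.
# Assumption: settings are shell-style NAME=value lines, optionally quoted.

# conf_get NAME DEFAULT FILE -> prints the last assigned value, or DEFAULT.
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$1=//p" "$3" 2>/dev/null | tail -n 1 |
          sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
              -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
    printf '%s\n' "${val:-$2}"
}

# panic_mode_effect VALUE -> label (hypothetical) for what the initscript
# does, per the list above, when the kernel module cannot be loaded.
panic_mode_effect() {
    case "$1" in
        warn)        echo "log-only" ;;
        build)       echo "rebuild-then-log" ;;
        panic)       echo "single-user" ;;
        build-panic) echo "rebuild-then-single-user" ;;
        *)           echo "invalid"; return 1 ;;
    esac
}

# audit_subdomain_conf FILE -> prints findings; non-zero if a check fails.
audit_subdomain_conf() {
    rc=0
    path=$(conf_get SUBDOMAIN_PATH /etc/apparmor.d/ "$1")
    mode=$(conf_get SUBDOMAIN_MODULE_PANIC warn "$1")
    if effect=$(panic_mode_effect "$mode"); then
        echo "SUBDOMAIN_MODULE_PANIC=$mode ($effect)"
    else
        echo "SUBDOMAIN_MODULE_PANIC=$mode is not one of the four values"; rc=1
    fi
    if [ -d "$path" ]; then
        echo "SUBDOMAIN_PATH=$path"
    else
        echo "SUBDOMAIN_PATH=$path is not a directory"; rc=1
    fi
    return $rc
}

# Constructed sample input; on a real host pass /etc/apparmor/subdomain.conf.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'SUBDOMAIN_PATH="/tmp"' \
    'SUBDOMAIN_MODULE_PANIC=build-panic' > "$sample"
audit_subdomain_conf "$sample"
rm -f "$sample"
```

With warn or build the initscript only logs the failure, so a host that must not run without AppArmor would also need monitoring for that log message.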
BUGS
Setting the initscript to recompile the module will fail on SUSE, as the module
source is no longer installed by default. However, the module has been
included with the SUSE kernel, so no rebuilding should be necessary.
If you find any additional bugs, please report them at
<https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO
apparmor(7), apparmor_parser(8), and <http://wiki.apparmor.net>.