documentation.suse.com / SUSE Linux Enterprise Desktopドキュメント / Security and Hardening Guide / Confining privileges with AppArmor / AppArmor profile repositories
Applies to SUSE Linux Enterprise Desktop 15 SP6

33 AppArmor profile repositories

AppArmor ships with a set of profiles enabled by default. These are created by the AppArmor developers, and are stored in /etc/apparmor.d. In addition to these profiles, SUSE Linux Enterprise Desktop ships profiles for individual applications together with the relevant application. These profiles are not enabled by default, and reside under another directory than the standard AppArmor profiles, /usr/share/apparmor/extra-profiles.

The AppArmor tools (YaST, aa-genprof and aa-logprof) support the use of a local repository. Whenever you start to create a new profile from scratch, and there already is an inactive profile in your local repository, you are asked whether you want to use the existing inactive one from /usr/share/apparmor/extra-profiles and whether you want to base your efforts on it. If you decide to use this profile, it gets copied over to the directory of profiles enabled by default (/etc/apparmor.d) and loaded whenever AppArmor is started. Any further adjustments will be done to the active profile under /etc/apparmor.d.