Man Linux: Main Page and Category List

NAME

       /etc/apparmor/subdomain.conf - configuration file for fine-tuning the
       behavior of the AppArmor security tool.

DESCRIPTION

       The AppArmor security tool can be configured to have certain default
       behaviors based on configuration options set in subdomain.conf. There
       are two variables that can be set in subdomain.conf: SUBDOMAIN_PATH,
       and SUBDOMAIN_MODULE_PANIC.

   SUBDOMAIN_PATH
       This variable accepts a string (path), and is by default set to
       '/etc/apparmor.d/' This variable defines where the AppArmor security
       tool looks for its policy definitions (a.k.a. AppArmor profiles).

   SUBDOMAIN_MODULE_PANIC
       This variable accepts a string that is one of four values: warn, build,
       panic, or build-panic, and is set by default to warn.

       This setting controls the behavior of the AppArmor initscript if it
       cannot successfully load the AppArmor kernel module on startup. The
       four possible settings are:

       warn
           Log a failure message (the default behavior).

       build
           Attempt to build the AppArmor module against the currently running
           kernel. If the compilation is successful, the module will be loaded
           and AppArmor started; if the compilation fails, a failure message
           is logged.

       panic
           Log a failure message and drop to runlevel 1 (single user).

       build-panic
           Attempt to build the module against the running kernel (like build)
           and if the compilation fails, drop to runlevel 1 (single user).

BUGS

       Setting the initscript to recompile the module will fail on SUSE, as
       the module source is no longer installed by default. However, the
       module has been included with the SUSE kernel, so no rebuilding should
       be necessary.

       If you find any additional bugs, please report them to bugzilla at
       <http://bugzilla.novell.com>.

SEE ALSO

       apparmor(7), apparmor_parser(8), and
       <http://forge.novell.com/modules/xfmod/project/?apparmor>.