NAME
/etc/apparmor/subdomain.conf - configuration file for fine-tuning the
behavior of the AppArmor security tool.
DESCRIPTION
The AppArmor security tool can be configured to have
certain default behaviors based on configuration options set
in subdomain.conf. There are two variables that can be set in
subdomain.conf: \s-1SUBDOMAIN_PATH\s0, and \s-1SUBDOMAIN_MODULE_PANIC\s0.
\s-1SUBDOMAIN_PATH\s0
This variable accepts a string (path), and is by default set to
'/etc/apparmor.d/' This variable defines where the AppArmor security
tool looks for its policy definitions (a.k.a. AppArmor profiles).
\s-1SUBDOMAIN_MODULE_PANIC\s0
This variable accepts a string that is one of four values: warn,
build, panic, or build-panic, and is set by default to warn.
This setting controls the behavior of the AppArmor initscript if it
cannot successfully load the AppArmor kernel module on startup. The four
possible settings are:
"warn"
Log a failure message (the default behavior).
"build"
Attempt to build the AppArmor module against the currently running
kernel. If the compilation is successful, the module will be loaded and
AppArmor started; if the compilation fails, a failure message is logged.
"panic"
Log a failure message and drop to runlevel 1 (single user).
"build-panic"
Attempt to build the module against the running kernel (like build)
and if the compilation fails, drop to runlevel 1 (single user).
BUGS
Setting the initscript to recompile the module will fail on \s-1SUSE\s0, as the
module source is no longer installed by default. However, the module has
been included with the \s-1SUSE\s0 kernel, so no rebuilding should be necessary.
If you find any additional bugs, please report them to
bugzilla at <http://bugzilla.novell.com>.
SEE ALSO
apparmor(7), apparmor_parser(8), and
<http://forge.novell.com/modules/xfmod/project/?apparmor>.