enforce(8) [suse man page]

ENFORCE(8)							     AppArmor								ENFORCE(8)

NAME

       aa-enforce - set an AppArmor security profile to enforce mode from complain mode.

SYNOPSIS

       aa-enforce <executable> [<executable> ...]

DESCRIPTION

       aa-enforce is used to set the enforcement mode for one or more profiles to enforce.  This command is only relevant is conjuction with the
       utility complain which sets a profile to complain mode. The default mode for a security policy is enforce and the aa-complain utility must
       be run to change this behavior.

BUGS

       None. Please report any you find to bugzilla at <http://bugzilla.novell.com>.

SEE ALSO

       apparmor(7), apparmor.d(5), aa-complain(1), change_hat(2), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.

NOVELL
/SUSE							    2008-06-11								ENFORCE(8)

APPARMOR_STATUS(8)						     AppArmor							APPARMOR_STATUS(8)

NAME

       apparmor_status - display various information about the current AppArmor policy.

SYNOPSIS

       apparmor_status [option]

DESCRIPTION

       apparmor_status will report various aspects of the current state of AppArmor confinement. By default, it displays the same information as
       if the --verbose argument were given. A sample of what this looks like is:

	 apparmor module is loaded.
	 110 profiles are loaded.
	 102 profiles are in enforce mode.
	 8 profiles are in complain mode.
	 Out of 129 processes running:
	 13 processes have profiles defined.
	 8 processes have profiles in enforce mode.
	 5 processes have profiles in complain mode.

       Other argument options are provided to report individual aspects, to support being used in scripts.

OPTIONS

       apparmor_status accepts only one argument at a time out of:

       --enabled
	   returns error code if AppArmor is not enabled.

       --profiled
	   displays the number of loaded AppArmor policies.

       --enforced
	   displays the number of loaded enforcing AppArmor policies.

       --complaining
	   displays the number of loaded non-enforcing AppArmor policies.

       --verbose
	   displays multiple data points about loaded AppArmor policy set (the default action if no arguments are given).

       --help
	   displays a short usage statement.

BUGS

       apparmor_status must be run as root to read the state of the loaded policy from the apparmor module. It uses the /proc filesystem to
       determine which processes are confined and so is susceptible to race conditions.

       Upon exiting, apparmor_status will set its return value to the following values:

       0   if apparmor is enabled and policy is loaded.

       1   if apparmor is not enabled/loaded.

       2   if apparmor is enabled but no policy is loaded.

       3   if the apparmor control files aren't available under /sys/kernel/security/.

       4   if the user running the script doesn't have enough privileges to read the apparmor control files.

	   If you find any additional bugs, please report them to bugzilla at <http://bugzilla.novell.com>.

SEE ALSO

       apparmor(7), apparmor.d(5), and <http://forge.novell.com/modules/xfmod/project/?apparmor>.

POD ERRORS

       Hey! The above document had some coding errors, which are explained below:

       Around line 95:
	   '=item' outside of any '=over'

       Around line 119:
	   You forgot a '=back' before '=head1'

NOVELL
/SUSE							    2007-05-24							APPARMOR_STATUS(8)