| B<enforce> - AppArmor security profile to I<enforce> mode from I<complain> mode. |
enforce - AppArmor security profile to enforce mode from complain mode.
enforce [ -d /path/to/profiles ] [program1 program2...] OR enforce [ -d /path/to/profiles ] [profile1 profile2...]
enforce is used to set the enforcement mode for one or more profiles to enforce. This command is only relevant is conjuction with the utility complain which sets a profile to complain mode. The default mode for a security policy is enforce and the complain utility must be run to change this behavior.
If the program is not in your path, you should specify the entire path, as follows: enforce /sbin/program1
If the profiles are not in /etc/subdomain.d, type the following to override the default location: enforce /path/to/profiles/ program1
Alternately, you can specify the profile for program1, as follows: enforce /etc/subdomain.d/sbin.program1
Each of the above commands will activate enforce mode for the profiles/programs listed. If you don.t enter the program or profile name(s), you will be prompted to enter one. /path/to/profiles overrides the default location of /etc/subdomain.d. The argument can be either a list of programs or a list of profiles. If the program name does not include its entire path, then enforce searches $PATH for the program. For instance, .enforce /usr/sbin/*. will find profiles associated with all of the programs in /usr/sbin and put them into enforce mode, and .enforce /etc/subdomain.d/*. will put all of the profiles in /etc/subdomain.d into enforce mode.
subdomain(7), subdomain.d(5), complain(1), and hange_hat(2).
| B<enforce> - AppArmor security profile to I<enforce> mode from I<complain> mode. |