| /etc/immunix/subdomain.conf - configuration file for fine-tuning the behavior of the AppArmor security tool. |
/etc/immunix/subdomain.conf - configuration file for fine-tuning the behavior of the AppArmor security tool.
The AppArmor security tool can be configured to have certain default behaviors based on configuration options set in subdomain.conf. There are three variables that can be set in subdomain.conf: SUBDOMAIN_ENABLE_OWLSM, SUBDOMAIN_PATH, and SUBDOMAIN_MODULE_PANIC.
This variable toggles between yes/no, and by default it is set to no.
This variable determines whether the subdomain initscript will enable or disable the OWLsm security extension for subdomain when the subdomain security tool is started. When enabled, the OWLsm feature prevents programs from following symlinks in temporary directories that are not owned by the program's UID, and it prevents processes from creating hardlinks to files not owned by their UID.
This variable accepts a string (path), and is by default set to '/etc/subdomain.d/' This variable defines where the subdomain security tool looks for its policy definitions (a.k.a. subdomain profiles).
This variable accepts a string that is one of four values: warn, build, panic, or build-panic, and is set by default to warn.
This setting controls the behavior of the AppArmor initscript if it cannot successfully load the subdomain kernel module on startup. The four possible settings are:
None known. If you find any, please report them to support@immunix.com or bugzilla at http://bugs.wirex.com.
subdomain(7) and subdomain_parser(8).
| /etc/immunix/subdomain.conf - configuration file for fine-tuning the behavior of the AppArmor security tool. |