complain - set AppArmor security profile to complain mode.
#name
NAME
#synopsis
SYNOPSIS
#description
DESCRIPTION
#bugs
BUGS
#see_also
SEE ALSO
NAME
complain - set AppArmor security profile to complain mode.
SYNOPSIS
complain [ -d /path/to/profiles ] [program1 program2...]
OR
complain [ -d /path/to/profiles ] [profile1 profile2...]
DESCRIPTION
The
complain:
or learning mode AppArmor tool detects violations of AppArmor profile rules, such as the profiled program accessing files not permitted by the profile. The violations are permitted, but also logged. To improve the profile, turn complain mode on, run the program through a suite of tests to generate log events that characterize the program.s access needs, then post-process the log with the AppArmor tools to transform log events into improved profiles.
Manually activating complain mode (using the command line) adds a flag to the top of the profile so that ./bin/foo {. becomes ./bin/foo flags=(complain) {.. To use complain mode, open a terminal window and type one of the following lines as a root user.
-If the example program (program1) is in your path, type:
complain [program1 program2 ...]
-If the program is not in your path, you should specify the entire path, as follows:
complain /sbin/program1
-If the profiles are not in /etc/subdomain.d, type the following to override the default location:
complain /path/to/profiles/ program1
-Alternately, you can specify the profile for program1, as follows:
complain /etc/subdomain.d/sbin.program1
Each of the above commands will activate complain mode for the profiles/programs listed. The command can either list programs or profiles. If the program name does not include its entire path, then complain  searches $PATH for the program. So for instance .complain /usr/sbin/*. will find profiles associated with all of the programs in /usr/sbin and put them into complain mode, and .complain /etc/subdomain.d/*. will put all of the profiles in /etc/subdomain.d into complain mode.
BUGS
None.
SEE ALSO
subdomain(7), subdomain.d(5), enforce(1), and hange_hat(2).
complain - set AppArmor security profile to complain mode.
