Manpages

NAME

aa-autodep - guess basic AppArmor profile requirements

SYNOPSIS

aa-autodep <executable> [<executable> ...] [-d /path/to/profiles] [-f]

OPTIONS

-d --dir /path/to/profiles

   Specifies where to look for the AppArmor security profile set.
   Defaults to /etc/apparmor.d.

-f --force

   Overwrites any existing AppArmor profile for the executable with the generated minimal AppArmor profile.

DESCRIPTION

aa-autodep is used to generate a minimal AppArmor profile for a set of executables. This program will generate a profile for binary executable as well as interpreted script programs. At a minimum aa-autodep will provide a base profile containing a base include directive which includes basic profile entries needed by most programs. The profile is generated by recursively calling ldd(1) on the executables listed on the command line.

The --force option will overwrite any existing profile for the executable with the newly generated minimal AppArmor profile.

BUGS

This program does not perform full static analysis of executables, so the profiles generated are necessarily incomplete. If you find any bugs, please report them at <https://gitlab.com/apparmor/apparmor/-/issues>;.

SEE ALSO

apparmor(7), apparmor.d(5), aa-complain(1), aa-enforce(1), aa-disable(1), aa_change_hat(2), and <https://wiki.apparmor.net>;.