CINXE.COM
Profiling_with_tools 路 Wiki 路 AppArmor / apparmor 路 GitLab
<!DOCTYPE html> <html class="gl-light ui-neutral with-top-bar with-header " lang="en"> <head prefix="og: http://ogp.me/ns#"> <meta charset="utf-8"> <meta content="IE=edge" http-equiv="X-UA-Compatible"> <meta content="width=device-width, initial-scale=1" name="viewport"> <title>Profiling_with_tools 路 Wiki 路 AppArmor / apparmor 路 GitLab</title> <script nonce="66USbx/BOSTc/Mm+EpdiyQ=="> //<![CDATA[ window.gon={};gon.math_rendering_limits_enabled=true;gon.features={"preserveMarkdown":false,"glqlIntegration":false,"continueIndentedText":false}; //]]> </script> <link rel="stylesheet" href="/assets/application-47ad6136e281eab235c6af040242ecf1c0a58ded0f4c3cd352781c780f6bd10c.css" /> <link rel="stylesheet" href="/assets/page_bundles/wiki-bbc8c2e50859066de1252458a1497ec3ff7e7e65edc58399d4786b0f52f930db.css" /><link rel="stylesheet" href="/assets/page_bundles/commit_description-1e2cba4dda3c7b30dd84924809020c569f1308dea51520fe1dd5d4ce31403195.css" /><link rel="stylesheet" href="/assets/page_bundles/work_items-22a76cdd1fe2ae5431b7ff603f86212acaf81b49c4a932f19e3b3222dc1881ee.css" /><link rel="stylesheet" href="/assets/page_bundles/notes_shared-30de79203a0836dddd3a4cf7364d63afb16a0f2deb0bbc654b00692872696739.css" /> <link rel="stylesheet" href="/assets/application_utilities-58bec0f2dc46133fc9e8548af9854688398e9d7263cc0fd95ec5739f2a069dec.css" /> <link rel="stylesheet" href="/assets/tailwind-79a1d592825c93045f94372fe49b80080d4952e6129676a307aa391980156496.css" /> <link rel="stylesheet" href="/assets/fonts-fae5d3f79948bd85f18b6513a025f863b19636e85b09a1492907eb4b1bb0557b.css" /> <link rel="stylesheet" href="/assets/highlight/themes/white-99cce4f4b362f6840d7134d4129668929fde49c4da11d6ebf17f99768adbd868.css" /> <script src="/assets/webpack/runtime.4728fef8.bundle.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/main.a1bcb1ba.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/tracker.d8ced242.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/analytics.20a07e5c.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script nonce="66USbx/BOSTc/Mm+EpdiyQ=="> //<![CDATA[ window.snowplowOptions = {"namespace":"gl","hostname":"snowplowprd.trx.gitlab.net","cookieDomain":".gitlab.com","appId":"gitlab","formTracking":true,"linkClickTracking":true} gl = window.gl || {}; gl.snowplowStandardContext = {"schema":"iglu:com.gitlab/gitlab_standard/jsonschema/1-1-1","data":{"environment":"production","source":"gitlab-rails","correlation_id":"01JM8NJRNXFSYPY57MFX7X9GM0","plan":"opensource","extra":{},"user_id":null,"global_user_id":null,"is_gitlab_team_member":null,"namespace_id":2118303,"project_id":4484878,"feature_enabled_by_namespace_ids":null,"realm":"saas","instance_id":"ea8bf810-1d6f-4a6a-b4fd-93e8cbd8b57f","host_name":"gitlab-webservice-web-84bd84966c-7w729","instance_version":"17.9.0","context_generated_at":"2025-02-17T00:40:25.830Z"}} gl.snowplowPseudonymizedPageUrl = "https://gitlab.com/namespace2118303/project4484878/-/wikis/Profiling_with_tools"; gl.maskedDefaultReferrerUrl = null; gl.ga4MeasurementId = 'G-ENFH3X7M5Y'; //]]> </script> <link rel="preload" href="/assets/application_utilities-58bec0f2dc46133fc9e8548af9854688398e9d7263cc0fd95ec5739f2a069dec.css" as="style" type="text/css" nonce="hKp8NmG84HssAGqRh7cd4g=="> <link rel="preload" href="/assets/application-47ad6136e281eab235c6af040242ecf1c0a58ded0f4c3cd352781c780f6bd10c.css" as="style" type="text/css" nonce="hKp8NmG84HssAGqRh7cd4g=="> <link rel="preload" href="/assets/highlight/themes/white-99cce4f4b362f6840d7134d4129668929fde49c4da11d6ebf17f99768adbd868.css" as="style" type="text/css" nonce="hKp8NmG84HssAGqRh7cd4g=="> <link crossorigin="" href="https://snowplowprd.trx.gitlab.net" rel="preconnect"> <link as="font" crossorigin="" href="/assets/gitlab-sans/GitLabSans-1e0a5107ea3bbd4be93e8ad2c503467e43166cd37e4293570b490e0812ede98b.woff2" rel="preload"> <link as="font" crossorigin="" href="/assets/gitlab-sans/GitLabSans-Italic-38eaf1a569a54ab28c58b92a4a8de3afb96b6ebc250cf372003a7b38151848cc.woff2" rel="preload"> <link as="font" crossorigin="" href="/assets/gitlab-mono/GitLabMono-08d2c5e8ff8fd3d2d6ec55bc7713380f8981c35f9d2df14e12b835464d6e8f23.woff2" rel="preload"> <link as="font" crossorigin="" href="/assets/gitlab-mono/GitLabMono-Italic-38e58d8df29485a20c550da1d0111e2c2169f6dcbcf894f2cd3afbdd97bcc588.woff2" rel="preload"> <link rel="preload" href="/assets/fonts-fae5d3f79948bd85f18b6513a025f863b19636e85b09a1492907eb4b1bb0557b.css" as="style" type="text/css" nonce="hKp8NmG84HssAGqRh7cd4g=="> <script src="/assets/webpack/sentry.50c23da3.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.analytics.dashboards-pages.groups.harbor.repositories-pages.groups.iteration_ca-fae0f519.5b107e61.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.new-pages.import.gitlab_projects.new-pages.import.manifest.new-pages.projects.n-44c6c18e.77d582f4.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.search.show-super_sidebar.3f577741.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/super_sidebar.87a3cc66.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.projects-pages.projects.activity-pages.projects.alert_management.details-pages.project-68d77824.79456cb0.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.admin.abuse_reports.show-pages.admin.topics.edit-pages.admin.topics.new-pages.groups.c-ee481b6b.f3e17a81.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/5.57620128.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/6.dfe26d30.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.admin.abuse_reports.show-pages.admin.topics.edit-pages.admin.topics.new-pages.groups.c-8e2404e8.46b9e261.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/15.5e0a0798.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.roadmap.show-pages.groups.wikis-pages.groups.wikis.diff-pages.groups.wikis.git_-f86ba45d.f0208b6d.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.wikis-pages.groups.wikis.diff-pages.groups.wikis.git_access-pages.groups.wikis.-53394378.5a5c8679.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.wikis-pages.groups.wikis.diff-pages.groups.wikis.git_access-pages.groups.wikis.-bd8643e0.2c5982e9.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.wikis-pages.groups.wikis.diff-pages.groups.wikis.git_access-pages.groups.wikis.-880ac750.0b85e166.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/commons-pages.groups.wikis-pages.groups.wikis.diff-pages.groups.wikis.git_access-pages.groups.wikis.-0c2b43e7.5acceb55.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <script src="/assets/webpack/pages.projects.wikis.show.975a8053.chunk.js" defer="defer" nonce="66USbx/BOSTc/Mm+EpdiyQ=="></script> <meta content="object" property="og:type"> <meta content="GitLab" property="og:site_name"> <meta content="Profiling_with_tools 路 Wiki 路 AppArmor / apparmor 路 GitLab" property="og:title"> <meta content="The AppArmor user space development project." property="og:description"> <meta content="https://gitlab.com/uploads/-/system/project/avatar/4484878/apparmor-red-diag_1w2h.png" property="og:image"> <meta content="64" property="og:image:width"> <meta content="64" property="og:image:height"> <meta content="https://gitlab.com/apparmor/apparmor/-/wikis/Profiling_with_tools" property="og:url"> <meta content="summary" property="twitter:card"> <meta content="Profiling_with_tools 路 Wiki 路 AppArmor / apparmor 路 GitLab" property="twitter:title"> <meta content="The AppArmor user space development project." property="twitter:description"> <meta content="https://gitlab.com/uploads/-/system/project/avatar/4484878/apparmor-red-diag_1w2h.png" property="twitter:image"> <meta name="csrf-param" content="authenticity_token" /> <meta name="csrf-token" content="nj4c1FidUyByZG2Xy831bUugsYwZFKXhcEqY2n4n08HmkjvXXk9FsryDNozQR0_Z6USCIHDDGDfngvQYAFusaQ" /> <meta name="csp-nonce" content="66USbx/BOSTc/Mm+EpdiyQ==" /> <meta name="action-cable-url" content="/-/cable" /> <link href="/-/manifest.json" rel="manifest"> <link rel="icon" type="image/png" href="/assets/favicon-72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef.png" id="favicon" data-original-href="/assets/favicon-72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef.png" /> <link rel="apple-touch-icon" type="image/x-icon" href="/assets/apple-touch-icon-b049d4bc0dd9626f31db825d61880737befc7835982586d015bded10b4435460.png" /> <link href="/search/opensearch.xml" rel="search" title="Search GitLab" type="application/opensearchdescription+xml"> <meta content="The AppArmor user space development project." name="description"> <meta content="#ececef" name="theme-color"> </head> <body class="tab-width-8 gl-browser-ie gl-platform-windows" data-group="apparmor" data-group-full-path="apparmor" data-namespace-id="2118303" data-page="projects:wikis:show" data-page-type-id="Profiling_with_tools" data-project="apparmor" data-project-full-path="apparmor/apparmor" data-project-id="4484878"> <script nonce="66USbx/BOSTc/Mm+EpdiyQ=="> //<![CDATA[ gl = window.gl || {}; gl.GfmAutoComplete = gl.GfmAutoComplete || {}; gl.GfmAutoComplete.dataSources = {"epics":"/apparmor/apparmor/-/autocomplete_sources/epics","iterations":"/apparmor/apparmor/-/autocomplete_sources/iterations","vulnerabilities":"/apparmor/apparmor/-/autocomplete_sources/vulnerabilities","members":"/apparmor/apparmor/-/autocomplete_sources/members?type=Wiki\u0026type_id=Profiling_with_tools","issues":"/apparmor/apparmor/-/autocomplete_sources/issues","mergeRequests":"/apparmor/apparmor/-/autocomplete_sources/merge_requests","labels":"/apparmor/apparmor/-/autocomplete_sources/labels?type=Wiki\u0026type_id=Profiling_with_tools","milestones":"/apparmor/apparmor/-/autocomplete_sources/milestones","commands":"/apparmor/apparmor/-/autocomplete_sources/commands?type=Wiki\u0026type_id=Profiling_with_tools","snippets":"/apparmor/apparmor/-/autocomplete_sources/snippets","contacts":"/apparmor/apparmor/-/autocomplete_sources/contacts?type=Wiki\u0026type_id=Profiling_with_tools","wikis":"/apparmor/apparmor/-/autocomplete_sources/wikis"}; //]]> </script> <script nonce="66USbx/BOSTc/Mm+EpdiyQ=="> //<![CDATA[ gl = window.gl || {}; gl.client = {"isIe":true,"isWindows":true}; //]]> </script> <header class="header-logged-out" data-testid="navbar"> <a class="gl-sr-only gl-accessibility" href="#content-body">Skip to content</a> <div class="container-fluid"> <nav aria-label="Explore GitLab" class="header-logged-out-nav gl-flex gl-gap-3 gl-justify-between"> <div class="gl-flex gl-items-center gl-gap-1"> <span class="gl-sr-only">GitLab</span> <a title="Homepage" id="logo" class="header-logged-out-logo has-tooltip" aria-label="Homepage" data-track-label="main_navigation" data-track-action="click_gitlab_logo_link" data-track-property="navigation_top" href="/"><svg aria-hidden="true" role="img" class="tanuki-logo" width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"> <path class="tanuki-shape tanuki" d="m24.507 9.5-.034-.09L21.082.562a.896.896 0 0 0-1.694.091l-2.29 7.01H7.825L5.535.653a.898.898 0 0 0-1.694-.09L.451 9.411.416 9.5a6.297 6.297 0 0 0 2.09 7.278l.012.01.03.022 5.16 3.867 2.56 1.935 1.554 1.176a1.051 1.051 0 0 0 1.268 0l1.555-1.176 2.56-1.935 5.197-3.89.014-.01A6.297 6.297 0 0 0 24.507 9.5Z" fill="#E24329"/> <path class="tanuki-shape right-cheek" d="m24.507 9.5-.034-.09a11.44 11.44 0 0 0-4.56 2.051l-7.447 5.632 4.742 3.584 5.197-3.89.014-.01A6.297 6.297 0 0 0 24.507 9.5Z" fill="#FC6D26"/> <path class="tanuki-shape chin" d="m7.707 20.677 2.56 1.935 1.555 1.176a1.051 1.051 0 0 0 1.268 0l1.555-1.176 2.56-1.935-4.743-3.584-4.755 3.584Z" fill="#FCA326"/> <path class="tanuki-shape left-cheek" d="M5.01 11.461a11.43 11.43 0 0 0-4.56-2.05L.416 9.5a6.297 6.297 0 0 0 2.09 7.278l.012.01.03.022 5.16 3.867 4.745-3.584-7.444-5.632Z" fill="#FC6D26"/> </svg> </a></div> <ul class="gl-list-none gl-p-0 gl-m-0 gl-flex gl-gap-3 gl-items-center gl-grow"> <li class="header-logged-out-nav-item header-logged-out-dropdown md:gl-hidden"> <button class="header-logged-out-toggle" data-toggle="dropdown" type="button"> <span class="gl-sr-only"> Menu </span> <svg class="s16" data-testid="hamburger-icon"><use href="/assets/icons-aa2c8ddf99d22b77153ca2bb092a23889c12c597fc8b8de94b0f730eb53513f6.svg#hamburger"></use></svg> </button> <div class="dropdown-menu"> <ul> <li> <a href="https://about.gitlab.com/why-gitlab">Why GitLab </a></li> <li> <a href="https://about.gitlab.com/pricing">Pricing </a></li> <li> <a href="https://about.gitlab.com/sales">Contact Sales </a></li> <li> <a href="/explore">Explore</a> </li> </ul> </div> </li> <li class="header-logged-out-nav-item gl-hidden md:gl-inline-block"> <a href="https://about.gitlab.com/why-gitlab">Why GitLab </a></li> <li class="header-logged-out-nav-item gl-hidden md:gl-inline-block"> <a href="https://about.gitlab.com/pricing">Pricing </a></li> <li class="header-logged-out-nav-item gl-hidden gl-inline-block"> <a href="https://about.gitlab.com/sales">Contact Sales </a></li> <li class="header-logged-out-nav-item gl-hidden md:gl-inline-block"> <a class="" href="/explore">Explore</a> </li> </ul> <ul class="gl-list-none gl-p-0 gl-m-0 gl-flex gl-gap-3 gl-items-center gl-justify-end"> <li class="header-logged-out-nav-item"> <a href="/users/sign_in?redirect_to_referer=yes">Sign in</a> </li> <li class="header-logged-out-nav-item"> <a class="gl-button btn btn-md btn-confirm !gl-inline-flex" href="/users/sign_up"><span class="gl-button-text"> Get free trial </span> </a></li> </ul> </nav> </div> </header> <div class="layout-page page-gutter wiki-sidebar right-sidebar-expanded page-with-super-sidebar"> <aside class="js-super-sidebar super-sidebar super-sidebar-loading" data-command-palette="{"project_files_url":"/apparmor/apparmor/-/files/master?format=json","project_blob_url":"/apparmor/apparmor/-/blob/master"}" data-force-desktop-expanded-sidebar="" data-is-saas="true" data-root-path="/" data-sidebar="{"whats_new_most_recent_release_items_count":4,"whats_new_version_digest":"0dc755729105d759eb626954bd82029a9f94aed1c747983d4f27a0d7ade59e57","is_logged_in":false,"context_switcher_links":[{"title":"Explore","link":"/explore","icon":"compass"}],"current_menu_items":[{"id":"project_overview","title":"apparmor","avatar":"/uploads/-/system/project/avatar/4484878/apparmor-red-diag_1w2h.png","entity_id":4484878,"link":"/apparmor/apparmor","link_classes":"shortcuts-project","is_active":false},{"id":"manage_menu","title":"Manage","icon":"users","avatar_shape":"rect","link":"/apparmor/apparmor/activity","is_active":false,"items":[{"id":"activity","title":"Activity","link":"/apparmor/apparmor/activity","link_classes":"shortcuts-project-activity","is_active":false},{"id":"members","title":"Members","link":"/apparmor/apparmor/-/project_members","is_active":false},{"id":"labels","title":"Labels","link":"/apparmor/apparmor/-/labels","is_active":false}],"separated":false},{"id":"plan_menu","title":"Plan","icon":"planning","avatar_shape":"rect","link":"/apparmor/apparmor/-/issues","is_active":true,"items":[{"id":"project_issue_list","title":"Issues","link":"/apparmor/apparmor/-/issues","pill_count_field":"openIssuesCount","link_classes":"shortcuts-issues has-sub-items","is_active":false},{"id":"boards","title":"Issue boards","link":"/apparmor/apparmor/-/boards","link_classes":"shortcuts-issue-boards","is_active":false},{"id":"milestones","title":"Milestones","link":"/apparmor/apparmor/-/milestones","is_active":false},{"id":"iterations","title":"Iterations","link":"/apparmor/apparmor/-/cadences","is_active":false},{"id":"project_wiki","title":"Wiki","link":"/apparmor/apparmor/-/wikis/home","link_classes":"shortcuts-wiki","is_active":true},{"id":"requirements","title":"Requirements","link":"/apparmor/apparmor/-/requirements_management/requirements","is_active":false}],"separated":false},{"id":"code_menu","title":"Code","icon":"code","avatar_shape":"rect","link":"/apparmor/apparmor/-/merge_requests","is_active":false,"items":[{"id":"project_merge_request_list","title":"Merge requests","link":"/apparmor/apparmor/-/merge_requests","pill_count_field":"openMergeRequestsCount","link_classes":"shortcuts-merge_requests","is_active":false},{"id":"files","title":"Repository","link":"/apparmor/apparmor/-/tree/master","link_classes":"shortcuts-tree","is_active":false},{"id":"branches","title":"Branches","link":"/apparmor/apparmor/-/branches","is_active":false},{"id":"commits","title":"Commits","link":"/apparmor/apparmor/-/commits/master?ref_type=heads","link_classes":"shortcuts-commits","is_active":false},{"id":"tags","title":"Tags","link":"/apparmor/apparmor/-/tags","is_active":false},{"id":"graphs","title":"Repository graph","link":"/apparmor/apparmor/-/network/master?ref_type=heads","link_classes":"shortcuts-network","is_active":false},{"id":"compare","title":"Compare revisions","link":"/apparmor/apparmor/-/compare?from=master\u0026to=master","is_active":false},{"id":"project_snippets","title":"Snippets","link":"/apparmor/apparmor/-/snippets","link_classes":"shortcuts-snippets","is_active":false},{"id":"file_locks","title":"Locked files","link":"/apparmor/apparmor/path_locks","is_active":false}],"separated":false},{"id":"build_menu","title":"Build","icon":"rocket","avatar_shape":"rect","link":"/apparmor/apparmor/-/pipelines","is_active":false,"items":[{"id":"pipelines","title":"Pipelines","link":"/apparmor/apparmor/-/pipelines","link_classes":"shortcuts-pipelines","is_active":false},{"id":"jobs","title":"Jobs","link":"/apparmor/apparmor/-/jobs","link_classes":"shortcuts-builds","is_active":false},{"id":"pipeline_schedules","title":"Pipeline schedules","link":"/apparmor/apparmor/-/pipeline_schedules","link_classes":"shortcuts-builds","is_active":false},{"id":"test_cases","title":"Test cases","link":"/apparmor/apparmor/-/quality/test_cases","link_classes":"shortcuts-test-cases","is_active":false},{"id":"artifacts","title":"Artifacts","link":"/apparmor/apparmor/-/artifacts","link_classes":"shortcuts-builds","is_active":false}],"separated":false},{"id":"deploy_menu","title":"Deploy","icon":"deployments","avatar_shape":"rect","link":"/apparmor/apparmor/-/releases","is_active":false,"items":[{"id":"releases","title":"Releases","link":"/apparmor/apparmor/-/releases","link_classes":"shortcuts-deployments-releases","is_active":false},{"id":"packages_registry","title":"Package Registry","link":"/apparmor/apparmor/-/packages","link_classes":"shortcuts-container-registry","is_active":false},{"id":"container_registry","title":"Container Registry","link":"/apparmor/apparmor/container_registry","is_active":false},{"id":"model_registry","title":"Model registry","link":"/apparmor/apparmor/-/ml/models","is_active":false}],"separated":false},{"id":"operations_menu","title":"Operate","icon":"cloud-pod","avatar_shape":"rect","link":"/apparmor/apparmor/-/environments","is_active":false,"items":[{"id":"environments","title":"Environments","link":"/apparmor/apparmor/-/environments","link_classes":"shortcuts-environments","is_active":false},{"id":"infrastructure_registry","title":"Terraform modules","link":"/apparmor/apparmor/-/terraform_module_registry","is_active":false}],"separated":false},{"id":"monitor_menu","title":"Monitor","icon":"monitor","avatar_shape":"rect","link":"/apparmor/apparmor/-/incidents","is_active":false,"items":[{"id":"incidents","title":"Incidents","link":"/apparmor/apparmor/-/incidents","is_active":false},{"id":"service_desk","title":"Service Desk","link":"/apparmor/apparmor/-/issues/service_desk","is_active":false}],"separated":false},{"id":"analyze_menu","title":"Analyze","icon":"chart","avatar_shape":"rect","link":"/apparmor/apparmor/-/value_stream_analytics","is_active":false,"items":[{"id":"cycle_analytics","title":"Value stream analytics","link":"/apparmor/apparmor/-/value_stream_analytics","link_classes":"shortcuts-project-cycle-analytics","is_active":false},{"id":"contributors","title":"Contributor analytics","link":"/apparmor/apparmor/-/graphs/master?ref_type=heads","is_active":false},{"id":"ci_cd_analytics","title":"CI/CD analytics","link":"/apparmor/apparmor/-/pipelines/charts","is_active":false},{"id":"repository_analytics","title":"Repository analytics","link":"/apparmor/apparmor/-/graphs/master/charts","link_classes":"shortcuts-repository-charts","is_active":false},{"id":"code_review","title":"Code review analytics","link":"/apparmor/apparmor/-/analytics/code_reviews","is_active":false},{"id":"issues","title":"Issue analytics","link":"/apparmor/apparmor/-/analytics/issues_analytics","is_active":false},{"id":"insights","title":"Insights","link":"/apparmor/apparmor/insights/","link_classes":"shortcuts-project-insights","is_active":false},{"id":"model_experiments","title":"Model experiments","link":"/apparmor/apparmor/-/ml/experiments","is_active":false}],"separated":false}],"current_context_header":"Project","support_path":"https://about.gitlab.com/get-help/","docs_path":"/help/docs","display_whats_new":true,"show_version_check":null,"search":{"search_path":"/search","issues_path":"/dashboard/issues","mr_path":"/dashboard/merge_requests","autocomplete_path":"/search/autocomplete","settings_path":"/search/settings","search_context":{"group":{"id":2118303,"name":"AppArmor","full_name":"AppArmor"},"group_metadata":{"issues_path":"/groups/apparmor/-/issues","mr_path":"/groups/apparmor/-/merge_requests"},"project":{"id":4484878,"name":"apparmor"},"project_metadata":{"mr_path":"/apparmor/apparmor/-/merge_requests","issues_path":"/apparmor/apparmor/-/issues"},"code_search":false,"scope":"wiki_blobs","for_snippets":null}},"panel_type":"project","shortcut_links":[{"title":"Snippets","href":"/explore/snippets","css_class":"dashboard-shortcuts-snippets"},{"title":"Groups","href":"/explore/groups","css_class":"dashboard-shortcuts-groups"},{"title":"Projects","href":"/explore/projects/starred","css_class":"dashboard-shortcuts-projects"}],"terms":"/-/users/terms"}"></aside> <div class="content-wrapper"> <div class="broadcast-wrapper"> </div> <div class="alert-wrapper alert-wrapper-top-space gl-flex gl-flex-col gl-gap-3 container-fluid container-limited"> <div class="gl-alert gl-alert-danger gl-alert-not-dismissible" role="alert"> <div class="gl-alert-icon-container"> <svg class="s16 gl-alert-icon gl-alert-icon-no-title" data-testid="error-icon"><use href="/assets/icons-aa2c8ddf99d22b77153ca2bb092a23889c12c597fc8b8de94b0f730eb53513f6.svg#error"></use></svg> </div> <div class="gl-alert-content" role="alert"> <div class="gl-alert-body"> GitLab may not work properly, because you are using an outdated web browser. <br> Please install a <a target="_blank" rel="noopener noreferrer" href="/help/install/requirements.md#supported-web-browsers">supported web browser</a> for a better experience. </div> </div> </div> </div> <div class="top-bar-fixed container-fluid" data-testid="top-bar"> <div class="top-bar-container gl-flex gl-items-center gl-gap-2"> <div class="gl-grow gl-basis-0 gl-flex gl-items-center gl-justify-start gl-gap-3"> <button class="gl-button btn btn-icon btn-md btn-default btn-default-tertiary js-super-sidebar-toggle-expand super-sidebar-toggle -gl-ml-3" aria-controls="super-sidebar" aria-expanded="false" aria-label="Primary navigation sidebar" type="button"><svg class="s16 gl-icon gl-button-icon " data-testid="sidebar-icon"><use href="/assets/icons-aa2c8ddf99d22b77153ca2bb092a23889c12c597fc8b8de94b0f730eb53513f6.svg#sidebar"></use></svg> </button> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AppArmor","item":"https://gitlab.com/apparmor"},{"@type":"ListItem","position":2,"name":"apparmor","item":"https://gitlab.com/apparmor/apparmor"},{"@type":"ListItem","position":3,"name":"Wiki","item":"https://gitlab.com/apparmor/apparmor/-/wikis/home"},{"@type":"ListItem","position":4,"name":"Profiling_with_tools","item":"https://gitlab.com/apparmor/apparmor/-/wikis/Profiling_with_tools"}]} </script> <div data-testid="breadcrumb-links" id="js-vue-page-breadcrumbs-wrapper"> <div data-breadcrumbs-json="[{"text":"AppArmor","href":"/apparmor","avatarPath":"/uploads/-/system/group/avatar/2118303/apparmor-red-diag_1w2h.png"},{"text":"apparmor","href":"/apparmor/apparmor","avatarPath":"/uploads/-/system/project/avatar/4484878/apparmor-red-diag_1w2h.png"},{"text":"Wiki","href":"/apparmor/apparmor/-/wikis/home","avatarPath":null},{"text":"Profiling_with_tools","href":"/apparmor/apparmor/-/wikis/Profiling_with_tools","avatarPath":null}]" id="js-vue-page-breadcrumbs"></div> <div id="js-injected-page-breadcrumbs"></div> </div> </div> <div class="gl-flex-none gl-flex gl-items-center gl-justify-center"> <div id="js-advanced-search-modal"></div> </div> <div class="gl-grow gl-basis-0 gl-flex gl-items-center gl-justify-end"> <div id="js-work-item-feedback"></div> </div> </div> </div> <div class="container-fluid container-limited limit-container-width project-highlight-puc"> <main class="content" id="content-body" itemscope itemtype="http://schema.org/SoftwareSourceCode"> <div class="flash-container flash-container-page sticky" data-testid="flash-container"> <div id="js-global-alerts"></div> </div> <div data-author-url="https://gitlab.com/smb" data-clone-http-url="https://gitlab.com/apparmor/apparmor.wiki.git" data-clone-ssh-url="git@gitlab.com:apparmor/apparmor.wiki.git" data-content-api="/api/v4/projects/4484878/wikis/Profiling_with_tools?version=620d1792f692f63ae57ef5af82c043b08bcfb883" data-edit-button-url="/apparmor/apparmor/-/wikis/Profiling_with_tools/edit" data-format-options="{"Markdown":"markdown","RDoc":"rdoc","AsciiDoc":"asciidoc","Org":"org"}" data-history-url="/apparmor/apparmor/-/wikis/Profiling_with_tools/history" data-is-page-historical="false" data-is-page-template="false" data-last-version="#<Commit:0x00007c188b37c588>" data-new-url="/apparmor/apparmor/-/wikis/new" data-page-heading="Profiling_with_tools" data-page-info="{"last_commit_sha":"0903bc11807dda9f47b1949a6e4a81a0fe918025","persisted":true,"title":"Profiling_with_tools","content":"Creating a new profile\n======================\n\nThe process and tools have been tested on Ubuntu 10.04 LTS with\nAppArmor 2.5.1.\n\nTest plan\n---------\n\nIn order to successfully profile a program so that it is usable for\nyou, you must exercise the program fully while using AppArmor in\ncomplain mode. For example, this will typically include:\n\n- Starting the application\n- Stopping the application\n- Restarting the application\n- Go through the man page or help and use all command-line options\n- Use different parts of the application. Eg, in the case of Evolution, you will want to test email, addressbook and calendars\n\nBasic process\n-------------\n\n1. If not using auditd, temporarily disable kernel rate limiting on logs:\n\n ```\n # sysctl -w kernel.printk_ratelimit=0\n ```\n\n2. Start aa-genprof in a terminal. E.G.:\n\n ```\n $ sudo aa-genprof \u003cpath to executable\u003e\n ```\n\n3. Execute your test plan (in another terminal if it is a terminal application)\n4. Go back to aa-genprof, and follow the instructions for updating policy\n5. Put the profile into complain mode and use aa-logprof to fine-tune the profile. The better the application was exercised to begin with, the less fine-tuning is required\n6. If the profile is in complain mode, put the profile into enforce mode with aa-enforce\n7. Monitor the logs (optionally using aa-notify) and adjust the profile manually as necessary\n\n### Caveats\n\nCurrently the tools do not properly utilize variables such as @{PROC},\nand @{HOME}, so you may want to adjust the profile after to use\nabstractions that the tools could not discover.\n\nIt is important to note that aa-logprof will only detect complaints\nwhen the application is exercised with the profile in complain mode. It\nwill not pick up denials from an enforcing profile (confirmed on\n2.5.1 - 2.7.0).\n\nExample: confining Evolution\n----------------------------\n\n1. Disable kernel rate limiting:\n\n ```\n $ sudo sysctl -w kernel.printk_ratelimit=0\n ```\n\n2. Start aa-genprof in a terminal. You will be prompted to access the profile repository. For now, disable it. Eg:\n\n ```\n $ sudo aa-genprof /usr/bin/evolution\n ```\n\n3. Execute the test plan (see above). In this case:\n - Start Evolution\n - Create an email account with the wizard\n - Get email\n - Send email\n - Print an email\n - Delete an email\n - Close evolution\n - Add a contact\n - Add a task\n - Add a memo\n - Add a calendar entry\n - Access a web calendar\n - use evolution --force-shutdown\n4. go back to aa-genprof, and follow the instructions for updating policy:\n 1. First, (S)can system logs\n 2. Then, (F)inish\n5. Put the profile into complain mode using 'aa-complain /etc/apparmor.d/usr.bin.evolution' then exercise the application more to fine-tune the profile\n6. Use aa-logprof to fine-tune the profile. The better the application was exercised to begin with, the less fine-tuning is required\n7. When satisfied, put the profile into enforce mode with aa-enforce\n8. Monitor the logs and adjust the profile manually as necessary\n\nAfter a pass with aa-genprof/aa-logprof in complain mode and then more fine-tuning with aa-logprof, the resulting profile is (with several new rules added for globbing):\n\n```\n # Last Modified: Mon Dec 20 21:43:45 2010\n #include \u003ctunables/global\u003e\n\n /usr/bin/evolution {\n #include \u003cabstractions/audio\u003e\n #include \u003cabstractions/base\u003e\n #include \u003cabstractions/fonts\u003e\n #include \u003cabstractions/gnome\u003e\n #include \u003cabstractions/nameservice\u003e\n #include \u003cabstractions/python\u003e\n\n deny /boot/initrd.img-2.6.32-26-generic r,\n deny /boot/vmlinuz-2.6.32-26-generic r,\n deny /etc/python2.6/sitecustomize.py r,\n deny owner /home/jamie/.bash_history r,\n deny owner /home/jamie/.bash_logout r,\n deny owner /home/jamie/.bashrc r,\n deny owner /home/jamie/.profile r,\n deny owner /home/jamie/.sudo_as_admin_successful r,\n deny owner /home/jamie/.xsession-errors r,\n\n /**/ r,\n /etc/timezone r,\n owner /home/*/.ICEauthority r,\n owner /home/*/.camel_certs/ w,\n owner /home/*/.camel_certs/* rw,\n owner /home/*/.config/enchant/ rw,\n owner /home/*/.config/enchant/* rwk,\n owner /home/*/.config/user-dirs.dirs r,\n owner /home/*/.esd_auth r,\n owner /home/*/.evolution/** rwlk,\n owner /home/*/.gnome2/accels/evolution rw,\n owner /home/*/.goutputstream-* rw,\n owner /home/*/.gtk-bookmarks r,\n owner /home/*/.pulse-cookie r,\n owner /home/*/.recently-used.xbel* rw,\n owner /home/*/Public/* w,\n /proc/filesystems r,\n /usr/bin/evince Ux,\n /usr/lib/evolution/2.28/killev cx,\n /usr/share/enchant/* r,\n /usr/share/evolution-data-server-*/** r,\n /usr/share/evolution/** r,\n /usr/share/gtkhtml-*/** r,\n /usr/share/hunspell/* r,\n /usr/share/xml/iso-codes/* r,\n /var/lib/dbus/machine-id r,\n\n profile /usr/lib/evolution/2.28/killev {\n #include \u003cabstractions/base\u003e\n #include \u003cabstractions/gnome\u003e\n #include \u003cabstractions/nameservice\u003e\n\n capability sys_ptrace,\n\n /**/ r,\n /bin/dash rix,\n /proc/*/cmdline r,\n /proc/*/stat r,\n /proc/filesystems r,\n /usr/bin/killall rix,\n }\n }\n```\n\nThe tools did not pick up a few abstractions that use variables, such as:\n\n- base: @{PROC}/filesystem\n- X: @{HOME}/.ICEauthority r,\n- audio: owner @{HOME}/.pulse-cookie rwk,\n- gnome: @{HOME}/.gtk-bookmarks r,\n- freedesktop.org: @{HOME}/.recently-used.xbel\\* rw\n\nAlso, there are a few 'deny' rules that aren't strictly required. These\ncould be hand edited, but the above demonstrates that while the tools\ndid not generate an optimized profile, they did generate a working\nprofile for Evolution. While the above works for the test cases given,\nit should not be considered a complete profile. Often you need to use\nthe application for several days or more to be sure there aren't any\nprofile bugs remaining.\n\nModifying an existing profile\n=============================\n\n- Monitor the system for AppArmor denials\n - dmesg, /var/log/kern.log, /var/log/messages, etc\n - aa-notify\n- Run aa-logprof in a terminal to update the policy, as necessary\n\n**NOTE:** the tools currently don't have a way to skip a rule at the\nmoment, so the may add in more 'deny' rules than you might want. Also,\nthe tools don't currently examine the 'Last Modified:' date in the\nprofile so anything in the current logs since the last rotation will\nkeep showing up in aa-logprof (which can be a problem if using an\nold logfile with a profile that uses abstractions with variable names\nthat aa-logprof won't recognize). The current workaround is to either\nhand edit or extract the logs from where you want aa-logprof to look,\nand then use `aa-logprof -f \u003clogfile\u003e`.\n","front_matter":{},"format":"markdown","uploads_path":"https://gitlab.com/api/v4/projects/4484878/wikis/attachments","slug":"Profiling_with_tools","path":"/apparmor/apparmor/-/wikis/Profiling_with_tools","wiki_path":"/apparmor/apparmor/-/wikis/home","help_path":"/help/user/project/wiki/_index.md","markdown_help_path":"/help/user/markdown.md","markdown_preview_path":"/apparmor/apparmor/-/wikis/Profiling_with_tools/preview_markdown","create_path":"/apparmor/apparmor/-/wikis"}" data-page-persisted="false" data-page-version="{"id":"0903bc11807dda9f47b1949a6e4a81a0fe918025","message":"Profiling_with_tools: initial markdown conversion\n","parent_ids":["2d58c6b17602ca30ca971616d99abaaadcd8b589"],"authored_date":"2017-11-08T01:55:55.000-08:00","author_name":"Steve Beattie","author_email":"steve.beattie@canonical.com","committed_date":"2017-11-08T01:55:55.000-08:00","committer_name":"Steve Beattie","committer_email":"steve.beattie@canonical.com","trailers":{},"extended_trailers":{},"referenced_by":[]}" data-show-edit-button="false" data-templates="[]" data-templates-url="/apparmor/apparmor/-/wikis/templates" data-testid="wiki-page-content-app" data-wiki-path="apparmor.wiki" data-wiki-url="/apparmor/apparmor/-/wikis/Profiling_with_tools" id="js-vue-wiki-content-app"></div> <div data-container-id="4484878" data-container-type="project" data-current-user-data="null" data-markdown-preview-path="/apparmor/apparmor/-/preview_markdown" data-noteable-type="Wiki" data-notes-filters="{"Show all activity":0,"Show comments only":1,"Show history only":2}" data-page-info="{"last_commit_sha":"0903bc11807dda9f47b1949a6e4a81a0fe918025","persisted":true,"title":"Profiling_with_tools","content":"Creating a new profile\n======================\n\nThe process and tools have been tested on Ubuntu 10.04 LTS with\nAppArmor 2.5.1.\n\nTest plan\n---------\n\nIn order to successfully profile a program so that it is usable for\nyou, you must exercise the program fully while using AppArmor in\ncomplain mode. For example, this will typically include:\n\n- Starting the application\n- Stopping the application\n- Restarting the application\n- Go through the man page or help and use all command-line options\n- Use different parts of the application. Eg, in the case of Evolution, you will want to test email, addressbook and calendars\n\nBasic process\n-------------\n\n1. If not using auditd, temporarily disable kernel rate limiting on logs:\n\n ```\n # sysctl -w kernel.printk_ratelimit=0\n ```\n\n2. Start aa-genprof in a terminal. E.G.:\n\n ```\n $ sudo aa-genprof \u003cpath to executable\u003e\n ```\n\n3. Execute your test plan (in another terminal if it is a terminal application)\n4. Go back to aa-genprof, and follow the instructions for updating policy\n5. Put the profile into complain mode and use aa-logprof to fine-tune the profile. The better the application was exercised to begin with, the less fine-tuning is required\n6. If the profile is in complain mode, put the profile into enforce mode with aa-enforce\n7. Monitor the logs (optionally using aa-notify) and adjust the profile manually as necessary\n\n### Caveats\n\nCurrently the tools do not properly utilize variables such as @{PROC},\nand @{HOME}, so you may want to adjust the profile after to use\nabstractions that the tools could not discover.\n\nIt is important to note that aa-logprof will only detect complaints\nwhen the application is exercised with the profile in complain mode. It\nwill not pick up denials from an enforcing profile (confirmed on\n2.5.1 - 2.7.0).\n\nExample: confining Evolution\n----------------------------\n\n1. Disable kernel rate limiting:\n\n ```\n $ sudo sysctl -w kernel.printk_ratelimit=0\n ```\n\n2. Start aa-genprof in a terminal. You will be prompted to access the profile repository. For now, disable it. Eg:\n\n ```\n $ sudo aa-genprof /usr/bin/evolution\n ```\n\n3. Execute the test plan (see above). In this case:\n - Start Evolution\n - Create an email account with the wizard\n - Get email\n - Send email\n - Print an email\n - Delete an email\n - Close evolution\n - Add a contact\n - Add a task\n - Add a memo\n - Add a calendar entry\n - Access a web calendar\n - use evolution --force-shutdown\n4. go back to aa-genprof, and follow the instructions for updating policy:\n 1. First, (S)can system logs\n 2. Then, (F)inish\n5. Put the profile into complain mode using 'aa-complain /etc/apparmor.d/usr.bin.evolution' then exercise the application more to fine-tune the profile\n6. Use aa-logprof to fine-tune the profile. The better the application was exercised to begin with, the less fine-tuning is required\n7. When satisfied, put the profile into enforce mode with aa-enforce\n8. Monitor the logs and adjust the profile manually as necessary\n\nAfter a pass with aa-genprof/aa-logprof in complain mode and then more fine-tuning with aa-logprof, the resulting profile is (with several new rules added for globbing):\n\n```\n # Last Modified: Mon Dec 20 21:43:45 2010\n #include \u003ctunables/global\u003e\n\n /usr/bin/evolution {\n #include \u003cabstractions/audio\u003e\n #include \u003cabstractions/base\u003e\n #include \u003cabstractions/fonts\u003e\n #include \u003cabstractions/gnome\u003e\n #include \u003cabstractions/nameservice\u003e\n #include \u003cabstractions/python\u003e\n\n deny /boot/initrd.img-2.6.32-26-generic r,\n deny /boot/vmlinuz-2.6.32-26-generic r,\n deny /etc/python2.6/sitecustomize.py r,\n deny owner /home/jamie/.bash_history r,\n deny owner /home/jamie/.bash_logout r,\n deny owner /home/jamie/.bashrc r,\n deny owner /home/jamie/.profile r,\n deny owner /home/jamie/.sudo_as_admin_successful r,\n deny owner /home/jamie/.xsession-errors r,\n\n /**/ r,\n /etc/timezone r,\n owner /home/*/.ICEauthority r,\n owner /home/*/.camel_certs/ w,\n owner /home/*/.camel_certs/* rw,\n owner /home/*/.config/enchant/ rw,\n owner /home/*/.config/enchant/* rwk,\n owner /home/*/.config/user-dirs.dirs r,\n owner /home/*/.esd_auth r,\n owner /home/*/.evolution/** rwlk,\n owner /home/*/.gnome2/accels/evolution rw,\n owner /home/*/.goutputstream-* rw,\n owner /home/*/.gtk-bookmarks r,\n owner /home/*/.pulse-cookie r,\n owner /home/*/.recently-used.xbel* rw,\n owner /home/*/Public/* w,\n /proc/filesystems r,\n /usr/bin/evince Ux,\n /usr/lib/evolution/2.28/killev cx,\n /usr/share/enchant/* r,\n /usr/share/evolution-data-server-*/** r,\n /usr/share/evolution/** r,\n /usr/share/gtkhtml-*/** r,\n /usr/share/hunspell/* r,\n /usr/share/xml/iso-codes/* r,\n /var/lib/dbus/machine-id r,\n\n profile /usr/lib/evolution/2.28/killev {\n #include \u003cabstractions/base\u003e\n #include \u003cabstractions/gnome\u003e\n #include \u003cabstractions/nameservice\u003e\n\n capability sys_ptrace,\n\n /**/ r,\n /bin/dash rix,\n /proc/*/cmdline r,\n /proc/*/stat r,\n /proc/filesystems r,\n /usr/bin/killall rix,\n }\n }\n```\n\nThe tools did not pick up a few abstractions that use variables, such as:\n\n- base: @{PROC}/filesystem\n- X: @{HOME}/.ICEauthority r,\n- audio: owner @{HOME}/.pulse-cookie rwk,\n- gnome: @{HOME}/.gtk-bookmarks r,\n- freedesktop.org: @{HOME}/.recently-used.xbel\\* rw\n\nAlso, there are a few 'deny' rules that aren't strictly required. These\ncould be hand edited, but the above demonstrates that while the tools\ndid not generate an optimized profile, they did generate a working\nprofile for Evolution. While the above works for the test cases given,\nit should not be considered a complete profile. Often you need to use\nthe application for several days or more to be sure there aren't any\nprofile bugs remaining.\n\nModifying an existing profile\n=============================\n\n- Monitor the system for AppArmor denials\n - dmesg, /var/log/kern.log, /var/log/messages, etc\n - aa-notify\n- Run aa-logprof in a terminal to update the policy, as necessary\n\n**NOTE:** the tools currently don't have a way to skip a rule at the\nmoment, so the may add in more 'deny' rules than you might want. Also,\nthe tools don't currently examine the 'Last Modified:' date in the\nprofile so anything in the current logs since the last rotation will\nkeep showing up in aa-logprof (which can be a problem if using an\nold logfile with a profile that uses abstractions with variable names\nthat aa-logprof won't recognize). The current workaround is to either\nhand edit or extract the logs from where you want aa-logprof to look,\nand then use `aa-logprof -f \u003clogfile\u003e`.\n","front_matter":{},"format":"markdown","uploads_path":"https://gitlab.com/api/v4/projects/4484878/wikis/attachments","slug":"Profiling_with_tools","path":"/apparmor/apparmor/-/wikis/Profiling_with_tools","wiki_path":"/apparmor/apparmor/-/wikis/home","help_path":"/help/user/project/wiki/_index.md","markdown_help_path":"/help/user/markdown.md","markdown_preview_path":"/apparmor/apparmor/-/wikis/Profiling_with_tools/preview_markdown","create_path":"/apparmor/apparmor/-/wikis"}" data-register-path="/users/sign_up?redirect_to_referer=yes" data-report-abuse-path="/-/abuse_reports/add_category" data-sign-in-path="/users/sign_in?redirect_to_referer=yes" data-testid="wiki-notes-app" id="js-vue-wiki-notes-app"></div> <aside aria-label="Wiki" class="right-sidebar right-sidebar-expanded wiki-sidebar js-wiki-sidebar js-right-sidebar gl-hidden" data-offset-top="50" data-spy="affix"> <div class="js-wiki-sidebar-resizer"></div> <div class="sidebar-container"> <div class="block gl-mb-3 gl-mx-5 gl-mt-5 gl-block sm:gl-hidden !gl-pt-0"> <a class="gutter-toggle gl-float-right gl-block md:gl-hidden js-sidebar-wiki-toggle" href="#"> <svg class="s16 gl-icon" data-testid="chevron-double-lg-right-icon"><use href="/assets/icons-aa2c8ddf99d22b77153ca2bb092a23889c12c597fc8b8de94b0f730eb53513f6.svg#chevron-double-lg-right"></use></svg> </a> </div> <div class="js-wiki-toc"></div> <div class="blocks-container !gl-px-3 !gl-my-5"> <div class="gl-flex gl-place-content-between gl-items-center gl-pb-3 gl-pr-1 js-wiki-expand-pages-list wiki-list collapsed gl-pl-0"> <div class="gl-flex gl-items-center"> <button class="gl-button btn btn-icon btn-sm btn-default btn-default-tertiary js-wiki-list-expand-button wiki-list-expand-button gl-mr-2" data-testid="expand-pages-list" type="button"><svg class="s16 gl-icon gl-button-icon " data-testid="chevron-right-icon"><use href="/assets/icons-aa2c8ddf99d22b77153ca2bb092a23889c12c597fc8b8de94b0f730eb53513f6.svg#chevron-right"></use></svg> </button> <button class="gl-button btn btn-icon btn-sm btn-default btn-default-tertiary js-wiki-list-collapse-button wiki-list-collapse-button gl-mr-2" data-testid="expand-pages-list" type="button"><svg class="s16 gl-icon gl-button-icon " data-testid="chevron-down-icon"><use href="/assets/icons-aa2c8ddf99d22b77153ca2bb092a23889c12c597fc8b8de94b0f730eb53513f6.svg#chevron-down"></use></svg> </button> <h2 class="gl-text-lg gl-my-0 gl-mr-3">Pages</h2> <span class="gl-badge badge badge-pill badge-muted"><span class="gl-badge-content">428</span></span> </div> </div> <div data-can-create="false" data-has-custom-sidebar="true" data-view-all-pages-path="/apparmor/apparmor/-/wikis/pages" id="js-wiki-sidebar-entries"></div> <div class="gl-px-4 gl-pt-4 gl-pb-2"> <h4 data-sourcepos="1:1-1:66" dir="auto">
<a href="#apparmor" aria-hidden="true" class="anchor" id="user-content-apparmor"></a><a data-sourcepos="1:6-1:66" href="https://gitlab.com/apparmor/apparmor/-/wikis/home">AppArmor</a>
</h4>
<ul data-sourcepos="3:1-19:0" dir="auto">
<li data-sourcepos="3:1-3:61"><a data-sourcepos="3:3-3:61" href="https://gitlab.com/apparmor/apparmor/-/wikis/About">About</a></li>
<li data-sourcepos="4:1-4:67"><a data-sourcepos="4:3-4:67" href="https://gitlab.com/apparmor/apparmor/-/wikis/Profiles">Profiles</a></li>
<li data-sourcepos="5:1-12:104">
<a data-sourcepos="5:3-5:77" href="https://gitlab.com/apparmor/apparmor/-/wikis/Documentation">Documentation</a>
<ul data-sourcepos="6:3-12:104">
<li data-sourcepos="6:3-6:37"><a data-sourcepos="6:5-6:37" href="/apparmor/apparmor/-/wikis/GettingStarted" data-canonical-src="GettingStarted">Getting started</a></li>
<li data-sourcepos="7:3-7:68"><a data-sourcepos="7:5-7:68" href="/apparmor/apparmor/-/wikis/QuickProfileLanguage" data-canonical-src="QuickProfileLanguage">Quick guide to AppArmor profile language</a></li>
<li data-sourcepos="8:3-8:45"><a data-sourcepos="8:5-8:45" href="/apparmor/apparmor/-/wikis/AppArmorMonitoring" data-canonical-src="AppArmorMonitoring">Monitoring AppArmor</a></li>
<li data-sourcepos="9:3-9:71"><a data-sourcepos="9:5-9:71" href="/apparmor/apparmor/-/wikis/Policy_Layout" data-canonical-src="Policy_Layout">AppArmor configuration and policy directory layout</a></li>
<li data-sourcepos="10:3-10:69"><a data-sourcepos="10:5-10:69" href="/apparmor/apparmor/-/wikis/AppArmor_Failures" data-canonical-src="AppArmor_Failures">Determining if AppArmor is causing a problem</a></li>
<li data-sourcepos="11:3-11:37"><a data-sourcepos="11:5-11:37" href="/apparmor/apparmor/-/wikis/FAQ" data-canonical-src="FAQ">Frequently Asked Questions</a></li>
<li data-sourcepos="12:3-12:104"><a data-sourcepos="12:5-12:104" href="https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference">Core Policy Reference</a></li>
</ul>
</li>
<li data-sourcepos="13:1-16:79">How To Contribute
<ul data-sourcepos="14:3-16:79">
<li data-sourcepos="14:3-14:78"><a data-sourcepos="14:5-14:78" href="https://gitlab.com/apparmor/apparmor/-/wikis/CommitPolicy">Commit Policy</a></li>
<li data-sourcepos="15:3-15:73"><a data-sourcepos="15:5-15:73" href="https://gitlab.com/apparmor/apparmor/-/wikis/Versioning">Versioning</a></li>
<li data-sourcepos="16:3-16:79"><a data-sourcepos="16:5-16:79" href="https://gitlab.com/apparmor/apparmor/-/wikis/Coding%20Style">Coding Style</a></li>
</ul>
</li>
<li data-sourcepos="17:1-17:84"><a data-sourcepos="17:3-17:84" href="https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_versions">Release Versions</a></li>
<li data-sourcepos="18:1-19:0"><a data-sourcepos="18:3-18:77" href="https://gitlab.com/apparmor/apparmor/-/wikis/MeetingAgenda">Meeting Notes</a></li>
</ul>
<p data-sourcepos="20:1-20:77" dir="auto"><a data-sourcepos="20:1-20:77" href="https://gitlab.com/apparmor/apparmor/-/wikis/pages"><strong data-sourcepos="20:2-20:24">View All Wiki Pages</strong></a></p> </div> </div> </div> </aside> </main> </div> </div> </div> <script nonce="66USbx/BOSTc/Mm+EpdiyQ=="> //<![CDATA[ if ('loading' in HTMLImageElement.prototype) { document.querySelectorAll('img.lazy').forEach(img => { img.loading = 'lazy'; let imgUrl = img.dataset.src; // Only adding width + height for avatars for now if (imgUrl.indexOf('/avatar/') > -1 && imgUrl.indexOf('?') === -1) { const targetWidth = img.getAttribute('width') || img.width; imgUrl += `?width=${targetWidth}`; } img.src = imgUrl; img.removeAttribute('data-src'); img.classList.remove('lazy'); img.classList.add('js-lazy-loaded'); img.dataset.testid = 'js-lazy-loaded-content'; }); } //]]> </script> <script nonce="66USbx/BOSTc/Mm+EpdiyQ=="> //<![CDATA[ gl = window.gl || {}; gl.experiments = {}; //]]> </script> </body> </html>