AppArmorPolicyNamespaceManagement

From AppArmor
Jump to: navigation, search

Related Documents

AppArmor Policy Table of Contents

AppArmor Policy Namespaces Table of Contents

Managing Policy in a Namespace

For tasks in a policy namespace profiles management is no different than regular profile management, as the namespace appears to be the root policy namespace to that task.

Eg.

 apparmor_parser profile
 apparmor_parser -r profile
 apparmor_parser -R profile

For more details see AppArmor policy management.

The management of policy for a child namespace is handled through the same means as regular policy management, however the namespace must also be specified. The namespace can be specified using the tools or in policy, depending on the needs of the policy.

To specify the namespace in the tools the -n flag is used

 apparmor_parser -r -n namespace profile

To specify the namespace in policy the namespace is specified as part of the profile name, and then the profile is loaded through using a regular load

 profile :namespace:A {
   ..
 }
 apparmor_parser -r profile

A task with the namespace set as its current namespace can just replace profiles as normal.

 apparmor_parser -r profile