Spaces:
Sleeping
Sleeping
| parser.conf is a global AppArmor config file for the apparmor_parser | |
| # It can be used to specify the default options for the parser, which | |
| can then be overriden by options passed on the command line. | |
| # Leading whitespace is ignored and lines that begin with # are treated | |
| as comments. | |
| # Config options are specified one per line using the same format as the | |
| longform command line options (without the preceding --). | |
| # If a value is specified twice the last version to appear is used. | |
| # Suppress Warnings | |
| quiet | |
| # Be verbose | |
| verbose | |
| # Set additional include path | |
| Include /etc/apparmor.d/ | |
| or | |
| Include /usr/share/apparmor | |
| # Set location of apparmor filesystem | |
| subdomainfs /sys/kernel/security/apparmor | |
| # Set match-string to use - for forcing compiler to treat different kernels | |
| # the same | |
| match-string "pattern=aadfa audit perms=crwxamlk/ user::other" | |
| # Turn creating/updating of the cache on by default | |
| write-cache | |
| # Show cache hits | |
| show-cache | |
| # skip cached policy | |
| skip-cache | |
| # skip reading cache but allow updating | |
| skip-read-cache | |
| ### Set Optimizaions. Multiple Optimizations can be set, one per line #### | |
| For supported optimizations see | |
| apparmor_parser --help=O | |
| # Turn on equivalence classes | |
| equiv | |
| # Turn off expr tree simplification | |
| Optimize=no-expr-simplify | |
| # Turn off DFA minimization | |
| Optimize=no-minimize | |
| # Adjust compression | |
| Optimize=compress-small | |
| Optimize=compress-fast | |
| ## The policy-features abi rule pins policy that does not have an abi | |
| ## rule to a given feature ABI. This enables apparmor 2.x developed | |
| ## policy to be used in AppArmor 3.x without the warning | |
| ## Warning from stdin (stdin line 1): apparmor_parser: File 'example' | |
| ## missing feature abi, falling back to default policy feature abi. | |
| ## For more info please see | |
| ## https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorpolicyfeaturesabi | |
| ## Turn off abi rule warnings without pinning the abi | |
| warn=no-abi | |
| ## Only a single feature ABI rule should be used at a time. | |
| # Pin older policy to the 5.4 kernel abi | |
| policy-features=/etc/apparmor.d/abi/kernel-5.4-vanilla | |
| # Pin older policy to the 5.4 kernel abi + out of tree network and af_unix | |
| policy-features=/etc/apparmor.d/abi/kernel-5.4-outoftree-network | |