commands.sh

apparmor_parser

linux

Load, compile, and manage AppArmor security profiles.

More info →

Options (11)

-a, --addboolean

Load a profile into the kernel

Example: sudo apparmor_parser {{[-a|--add]}} {{profile_file}}
-r, --replaceboolean

Replace an existing profile

Example: sudo apparmor_parser {{[-r|--replace]}} {{profile_file}}
-R, --removeboolean

Remove a profile from the kernel

Example: sudo apparmor_parser {{[-R|--remove]}} {{profile_name}}
-C, --complainboolean

Load a profile in complain mode (logs violations but doesn't block)

Example: sudo apparmor_parser {{[-C|--complain]}} {{[-r|--replace]}} {{path/to/profile}}
-p, --preprocessboolean

Preprocess a profile (resolve includes) and write binary cache to file

Example: apparmor_parser {{[-p|--preprocess]}} {{[-o|--ofile]}} {{path/to/output.cache}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}
-o, --ofileboolean

Preprocess a profile (resolve includes) and write binary cache to file

Example: apparmor_parser {{[-p|--preprocess]}} {{[-o|--ofile]}} {{path/to/output.cache}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}
-Q, --skip-kernel-loadboolean

Preprocess a profile (resolve includes) and write binary cache to file

Example: apparmor_parser {{[-p|--preprocess]}} {{[-o|--ofile]}} {{path/to/output.cache}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}
-S, --stdoutboolean

Preprocess and print binary profile to `stdout` without loading

Example: apparmor_parser {{[-p|--preprocess]}} {{[-S|--stdout]}} {{[-Q|--skip-kernel-load]}} {{path/to/profile}}
-T, --skip-read-cacheboolean

Replace a profile while skipping cache reads

Example: sudo apparmor_parser {{[-r|--replace]}} {{[-T|--skip-read-cache]}} {{path/to/profile}}
-W, --write-cacheboolean

Replace a profile, rebuild cache, and write it to a custom directory

Example: sudo apparmor_parser {{[-r|--replace]}} {{[-W|--write-cache]}} {{[-L|--cache-loc]}} /{{path/to/cache}} {{path/to/profile}}
-L, --cache-locboolean

Replace a profile, rebuild cache, and write it to a custom directory

Example: sudo apparmor_parser {{[-r|--replace]}} {{[-W|--write-cache]}} {{[-L|--cache-loc]}} /{{path/to/cache}} {{path/to/profile}}

Examples (8)

Load a profile into the kernel

sudo apparmor_parser [-a|--add] profile_file

Replace an existing profile

sudo apparmor_parser [-r|--replace] profile_file

Remove a profile from the kernel

sudo apparmor_parser [-R|--remove] profile_name

Load a profile in complain mode (logs violations but doesn't block)

sudo apparmor_parser [-C|--complain] [-r|--replace] path/to/profile

Preprocess a profile (resolve includes) and write binary cache to file

apparmor_parser [-p|--preprocess] [-o|--ofile] path/to/output.cache [-Q|--skip-kernel-load] path/to/profile

Preprocess and print binary profile to `stdout` without loading

apparmor_parser [-p|--preprocess] [-S|--stdout] [-Q|--skip-kernel-load] path/to/profile

Replace a profile while skipping cache reads

sudo apparmor_parser [-r|--replace] [-T|--skip-read-cache] path/to/profile

Replace a profile, rebuild cache, and write it to a custom directory

sudo apparmor_parser [-r|--replace] [-W|--write-cache] [-L|--cache-loc] /path/to/cache path/to/profile
made by @shridhargupta | data from tldr-pages