docs: some clarification.

Alexandre Pujol 2023-04-24 12:18:57 +01:00
parent 9727d1ce1f
commit 1223b70467
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 28 additions and 3 deletions

@ -191,9 +191,7 @@ dynamically by the kernel. Therefore, the full range must be allowed:
*Source: [AppArmor Wiki][apparmor-wiki]*
This feature is only enabled when the `--full` option is passed to
the `configure` script. The profiles for full system policies are maintained in
the **[`_full`][_full]** group. It consists of two extra main profiles:
This feature is only enabled when the profiles are built with `make full`. The profiles for full system policies are maintained in the **[`_full`][_full]** group. It consists of two extra main profiles:
1. **`init`**: For systemd as PID 1
2. **`systemd`**: For systemd as user
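Review bot: The replacement paragraph at line 191 is a single unwrapped line, while the three lines it replaces and the surrounding context are wrapped at roughly 80 columns; rewrap it so later diffs of this paragraph stay readable. It also drops the mention of the `configure` script without saying whether `make full` replaces that step or comes after it, so spell out the build sequence a reader has to run to get the `_full` group.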
@ -201,6 +199,11 @@ the **[`_full`][_full]** group. It consists of two extra main profiles:
All core required applications that need to be started by systemd (both as user
or root) need to be present in these profiles.
Early policy load should also be enabled. In `/etc/apparmor/parser.conf`
```
cache-loc /etc/apparmor/earlypolicy/
```
!!! danger
Full system policy is still under early development, do not run it outside a
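Review bot: The added sentence "In `/etc/apparmor/parser.conf`" is a fragment with no verb and no trailing colon, and it does not say whether `cache-loc /etc/apparmor/earlypolicy/` is appended to the file or replaces an existing `cache-loc` entry. Because this sits directly under the `init` and `systemd` profile list, add one sentence on why early policy load matters for full system policy, and state whether the step depends on a companion parser setting such as `write-cache` being enabled, since a cache location that is never written to would leave nothing to load early.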