diff --git a/docs/enforce.md b/docs/enforce.md index c332f5a62..cf99a2e5e 100644 --- a/docs/enforce.md +++ b/docs/enforce.md @@ -4,14 +4,29 @@ title: Enforce Mode # Enforce Mode -The default package configuration installs all profiles in *complain* mode. -Once you tested have them and it works fine, you can easily switch to *enforce* mode. -To do this, edit `PKGBUILD` on Archlinux or `debian/rules` on Debian and remove -the `--complain` option to the configure script. Then build the package as usual: +The default package configuration installs all profiles in *complain* mode. This is a safety measure to ensure you are not going to break your system on initial install. Once you have tested it and it works fine, you can easily switch to *enforce* mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory. + +!!! warning + + When reporting issue. Please ensure the profiles are in complain mode + +#### :material-arch: Archlinux + +In `PKGBUILD`, replace `make` by `make enforce`: ```diff -- ./configure --complain -+ ./configure +- make ++ make enforce ``` -Do not worry, the profiles that are not considered stable are kept in complain mode. -They can be tracked in the [`dists/flags`](https://github.com/roddhjav/apparmor.d/tree/main/dists/flags) directory. +#### :material-ubuntu: Ubuntu & :material-debian: Debian + +In `debian/rules`, add the following lines: + +```make +override_dh_auto_build: + make enforce +``` + +#### :simple-suse: OpenSUSE & Partial install + +Use the `make enforce` command to build instead of `make` diff --git a/docs/install.md b/docs/install.md index 155f82117..55f13bacb 100644 --- a/docs/install.md +++ b/docs/install.md @@ -39,11 +39,11 @@ makepkg -si !!! note - The following Archlinux based distributions are supported: + If your Archlinux based distribution is not recognized, force it with: + ```sh + DISTRIBUTION=arch makepkg -si + ``` - - [x] CachyOS - - [x] EndeavourOS - - [x] :material-manjaro: Manjaro Linux ## :material-ubuntu: Ubuntu & :material-debian: Debian @@ -63,7 +63,6 @@ sudo dpkg -i ../apparmor.d_*_all.deb Build and install from source: ```sh -./configure --complain make sudo make install sudo systemctl restart apparmor @@ -80,7 +79,6 @@ For test purposes, you can install specific profiles with the following commands Abstractions, tunables, and most of the OS dependent post-processing is managed. ```sh -./configure --complain make sudo make profile-names... ``` diff --git a/docs/report.md b/docs/report.md index 0507abc7b..e4ac5f6b8 100644 --- a/docs/report.md +++ b/docs/report.md @@ -7,6 +7,9 @@ title: Report AppArmor logs The **[aa-log](/usage/#apparmor-log)** tool reports all AppArmor `DENIED` and `ALLOWED`. It should be used to fix AppArmor related issues. +While testing, if something get wrong, you need to put the profile in complain mode, +to that you can investigate and it does not block your program. + When creating [an issue on Github][newissue]. Please ensure you post a link to the [paste] of the AppArmor audit log: `/var/log/audit/audit.log`.