We (used to?) ship a tool 'autodep' (perhaps renamed aa-autodep?) that would parse the output of ldd on a binary and spit out a profile for the application, ensuring the libraries were covered.
You can replace a single profile with apparmor_parser --reload /etc/apparmor.d/path.to.profile.

I like using vim's % to represent a file name and run this while editing a profile. Be sure to :w the file first:

:!apparmor_parser --reload %

-----Original Message-----
From: Alex Coventry <throwa...@mit.edu>
Sender: apparmor-boun...@lists.ubuntu.com
Date: Fri, 09 Dec 2011 13:11:41
To: <apparmor@lists.ubuntu.com>
Subject: [apparmor] Minimal apparmor profile

Hi, does anyone have the minimal profile necessary to allow a gcc-compiled hello-world program to run on ubuntu?

Alternatively, is there a quick way to reload a single profile, without restarting apparmor? It would be pretty easy to figure the minimal ruleset out by successively trimming entries from abstractions/base, given that.

Also, is there an apparmor rule allowing the prctl syscall?

Best regards,
Alex

--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
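
The ldd-to-profile idea mentioned at the top of this thread, as an added Python sketch (not aa-autodep's code and not written by either poster): it parses ldd output and emits a profile skeleton that covers the binary and its libraries only, with no claim that this is the minimal working profile asked about. The sample ldd output, the binary path /usr/local/bin/hello and the function names are constructed assumptions.

```python
import re

# Constructed sample of `ldd` output for a dynamically linked hello-world binary.
# (ldd may execute code from the binary, so only run it on binaries you trust.)
SAMPLE_LDD = (
    "\tlinux-vdso.so.1 (0x00007ffc5d5f2000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a1c200000)\n"
    "\tlibmissing.so.1 => not found\n"
    "\t/lib64/ld-linux-x86-64.so.2 (0x00007f3a1c5b1000)\n"
)

_ARROW = re.compile(r"^\s*(\S+)\s+=>\s+(.+?)\s*(?:\(0x[0-9a-fA-F]+\))?\s*$")
_BARE = re.compile(r"^\s*(/\S+)\s+\(0x[0-9a-fA-F]+\)\s*$")
# Characters that AppArmor path rules treat as globbing or syntax.
_UNSAFE = re.compile(r'[\s*?\[\]{}^",]')


def parse_ldd(text):
    """Return (resolved_library_paths, unresolved_sonames) from ldd output."""
    paths, missing = [], []
    for line in text.splitlines():
        m = _ARROW.match(line)
        if m:
            soname, target = m.groups()
            if target == "not found":
                missing.append(soname)
            elif target.startswith("/") and target not in paths:
                paths.append(target)
            continue
        m = _BARE.match(line)  # the dynamic loader is listed without "=>"
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
        # vDSO and "statically linked" lines carry no file path and are skipped.
    return paths, missing


def render_profile(binary, libs):
    """Emit a skeleton granting m (executable mmap) and r (read) on each path."""
    for p in [binary, *libs]:
        if not p.startswith("/") or _UNSAFE.search(p):
            raise ValueError(f"path would change the meaning of a rule: {p!r}")
    rules = [f"  {p} mr," for p in [binary, *libs]]
    return "\n".join([f"{binary} {{", *rules, "}"]) + "\n"


if __name__ == "__main__":
    libs, missing = parse_ldd(SAMPLE_LDD)
    print(render_profile("/usr/local/bin/hello", libs), end="")
    print("# unresolved:", ", ".join(missing))
```

Unresolved sonames are reported separately so that a library ldd could not find is noticed rather than silently left out of the profile.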