Linux command
aa-enforce 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Enable
sudo aa-enforce [path/to/profile]
Example
sudo aa-enforce [path/to/profile1] [path/to/profile2]
Example
sudo aa-enforce -d [path/to/profiles]
说明
aa-enforce sets one or more AppArmor security profiles to enforce mode, which is the default and most secure mode. In enforce mode, security policy is strictly applied and any access violations are blocked and logged. This command reverses the effects of aa-complain (which sets complain mode) and aa-disable (which unloads profiles).
参数
- -d, --dir /path/to/profiles
- Specifies the directory containing AppArmor profiles; defaults to /etc/apparmor.d
- --no-reload
- Do not reload the profile after modifying it
FAQ
What is the aa-enforce command used for?
aa-enforce sets one or more AppArmor security profiles to enforce mode, which is the default and most secure mode. In enforce mode, security policy is strictly applied and any access violations are blocked and logged. This command reverses the effects of aa-complain (which sets complain mode) and aa-disable (which unloads profiles).
How do I run a basic aa-enforce example?
Run `sudo aa-enforce [path/to/profile]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d, --dir /path/to/profiles do in aa-enforce?
Specifies the directory containing AppArmor profiles; defaults to /etc/apparmor.d