aa-autodep - guess basic AppArmor profile requirements

aa-autodep <executable> [<executable> ...] [-d /path/to/profiles] [-f]

-d --dir /path/to/profiles

Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.

-f --force

Overwrites any existing AppArmor profile for the executable with the generated minimal AppArmor profile.

aa-autodep is used to generate a minimal AppArmor profile for a set of executables. This program will generate a profile for binary executable as well as interpreted script programs. At a minimum aa-autodep will provide a base profile containing a base include directive which includes basic profile entries needed by most programs. The profile is generated by recursively calling ldd(1) on the executables listed on the command line.

The --force option will overwrite any existing profile for the executable with the newly generated minimal AppArmor profile.

This program does not perform full static analysis of executables, so the profiles generated are necessarily incomplete. If you find any bugs, please report them at https://gitlab.com/apparmor/apparmor/-/issues.

apparmor(7), apparmor.d(5), aa-complain(1), aa-enforce(1), aa-disable(1), aa_change_hat(2), and https://wiki.apparmor.net.

2024-02-02 AppArmor 3.1.7