aa-enforce

Enable a profile in enforce mode

$ sudo aa-enforce [path/to/profile]

$ sudo aa-enforce [path/to/profile1] [path/to/profile2]

$ sudo aa-enforce -d [path/to/profiles]

aa-enforce executable [executable ...] [-d /path/to/profiles] [--no-reload]

aa-enforce sets one or more AppArmor security profiles to enforce mode, which is the default and most secure mode. In enforce mode, security policy is strictly applied and any access violations are blocked and logged.
This command reverses the effects of aa-complain (which sets complain mode) and aa-disable (which unloads profiles).

-d, --dir /path/to/profiles

Specifies the directory containing AppArmor profiles; defaults to /etc/apparmor.d

Do not reload the profile after modifying it

Enabling enforce mode on a profile that hasn't been properly tested may cause applications to malfunction if the profile is too restrictive.

Part of the AppArmor utilities package for managing application security profiles on Linux systems.

aa-complain(8), aa-disable(8), aa-status(8), apparmor(7)