aa-enforce

Enable profile

$ sudo aa-enforce [path/to/profile]

$ sudo aa-enforce --dir [path/to/profile]

aa-enforce <executable> [<executable> ...] [-d /path/to/profiles] [--no-reload]

-d --dir / path/to/profiles

Specifies where to look for the AppArmor security profile set. Defaults to /etc/apparmor.d.

--no-reload Do not reload the profile after modifying it.

aa-enforce is used to set one or more profiles to enforce mode. This command is only relevant in conjunction with the aa-complain utility which sets a profile to complain mode and the aa-disable utility which unloads and disables a profile. The default mode for a security policy is enforce and the aa-complain utility must be run to change this behavior.

If you find any bugs, please report them at <https://gitlab.com/apparmor/apparmor/-/issues>.

apparmor (7), apparmor.d (5), aa-complain (1), aa-disable (1), aa_change_hat (2), and <https://wiki.apparmor.net>.