aa-genprof
Generate AppArmor profiles by monitoring program behavior
SYNOPSIS
aa-genprof executable [-d /path/to/profiles] [-f /path/to/logfile]
DESCRIPTION
aa-genprof is a profile generation utility for AppArmor that automates the creation of security profiles by monitoring program behavior. If no profile exists, it creates one using aa-autodep. It then sets the profile to complain mode, writes a mark to the system log, and instructs the user to exercise the application in another window.
When the user selects (S)can, aa-genprof parses complain mode logs and iterates through violations using aa-logprof. When (F)inish is selected, all generated profiles are set to enforce mode.
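The scan step described above, sketched as an added example (not aa-genprof's own code): it collects complain-mode events for one profile that were logged after the mark, so the accesses captured during an exercise run can be reviewed. The log lines, the marker text and the function names are constructed for illustration, and the field layout is an assumption modelled on typical AppArmor audit output.

```python
import re
from collections import defaultdict

# Constructed sample log, not from a real system. The "GenProf:" marker text
# and the field layout are assumptions for this example.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.100:10): apparmor="ALLOWED" operation="open" profile="/usr/bin/demo" name="/etc/old.conf" pid=900 comm="demo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Nov 14 12:00:01 host root: GenProf: constructed-mark-0001
type=AVC msg=audit(1700000002.200:11): apparmor="ALLOWED" operation="open" profile="/usr/bin/demo" name="/etc/demo.conf" pid=901 comm="demo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000003.300:12): apparmor="ALLOWED" operation="open" profile="/usr/bin/demo" name="/var/log/demo.log" pid=901 comm="demo" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
type=AVC msg=audit(1700000004.400:13): apparmor="ALLOWED" operation="open" profile="/usr/bin/demo" name="/etc/demo.conf" pid=901 comm="demo" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000005.500:14): apparmor="DENIED" operation="open" profile="/usr/bin/other" name="/etc/shadow" pid=950 comm="other" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def events_after_mark(log_text, mark, profile):
    """Map path -> access mask for ALLOWED events of `profile` after `mark`.

    Events before the mark belong to earlier runs and are ignored. If the
    mark is never found, the result is empty rather than the whole log.
    """
    seen_mark = False
    access = defaultdict(set)
    for line in log_text.splitlines():
        if not seen_mark:
            seen_mark = mark in line
            continue
        ev = parse_event(line)
        if not ev or ev.get("apparmor") != "ALLOWED":
            continue  # only complain-mode events feed the new profile
        if ev.get("profile") != profile or "name" not in ev:
            continue
        access[ev["name"]].update(ev.get("denied_mask", ""))
    return {path: "".join(sorted(mask)) for path, mask in access.items()}

if __name__ == "__main__":
    found = events_after_mark(SAMPLE_LOG, "GenProf: constructed-mark-0001", "/usr/bin/demo")
    for path, mask in sorted(found.items()):
        print(f"{path} {mask}")
```

A path the application needs but that never appears in this output was not exercised during the run, which is how the gaps described under CAVEATS arise.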
PARAMETERS
-d, --dir /path/to/profiles
Specifies where to look for the AppArmor security profile set; defaults to /etc/apparmor.d
-f, --file /path/to/logfile
Specifies the location of the logfile; default locations are read from /etc/apparmor/logprof.conf
-h, --help
Display help information
CONFIGURATION
/etc/apparmor/logprof.conf
Controls default logfile location, repository settings, and other options used during profile generation.
CAVEATS
Profile generation requires running the target application through all its normal operations to capture the necessary access patterns. Incomplete testing may result in profiles that block legitimate functionality. Requires root privileges.
HISTORY
Part of the apparmor-utils package for managing application security profiles on Linux systems.
SEE ALSO
aa-logprof(8), aa-enforce(8), aa-complain(8), aa-disable(8), aa-mergeprof(8), aa-status(8), aa-unconfined(8), apparmor(7)

