mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 10:07:12 +00:00
107 lines
2.7 KiB
Plaintext
107 lines
2.7 KiB
Plaintext
# This publication is intellectual property of Canonical Ltd. Its contents
|
|
# can be duplicated, either in part or in whole, provided that a copyright
|
|
# label is visibly located on each copy.
|
|
#
|
|
# All information found in this book has been compiled with utmost
|
|
# attention to detail. However, this does not guarantee complete accuracy.
|
|
# Neither Canonical Ltd, the authors, nor the translators shall be held
|
|
# liable for possible errors or the consequences thereof.
|
|
#
|
|
# Many of the software and hardware descriptions cited in this book
|
|
# are registered trademarks. All trade names are subject to copyright
|
|
# restrictions and may be registered trade marks. Canonical Ltd
|
|
# essentially adheres to the manufacturer's spelling.
|
|
#
|
|
# Names of products and trademarks appearing in this book (with or without
|
|
# specific notation) are likewise subject to trademark and trade protection
|
|
# laws and may thus fall under copyright restrictions.
|
|
#
|
|
|
|
|
|
=pod
|
|
|
|
=head1 NAME
|
|
|
|
aa-show-usage - Check which profiles are used
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<aa-show-usage> [option]
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
B<aa-show-usage> will display data on the usage of the profiles of the system
|
|
|
|
=head1 OPTIONS
|
|
|
|
B<aa-show-usage> accepts the following arguments:
|
|
|
|
=over 4
|
|
|
|
=item -s, --show-type {all,used,unused}
|
|
|
|
Type of profiles to show
|
|
|
|
=item -j, --json
|
|
|
|
Output in JSON
|
|
|
|
=item -d, --dir
|
|
|
|
Path to profiles
|
|
|
|
=item --show-matching-path
|
|
|
|
Show the path of a file matching the profile. Only the first matching path of an executable is shown (not the whole list).
|
|
|
|
=back
|
|
|
|
=head1 FILTERING OPTIONS
|
|
|
|
B<aa-show-usage> accepts the following filters to reduce the output of information to only those entries that will match the filter. Filters use Python's regular expression syntax.
|
|
|
|
=over 4
|
|
|
|
=item --filter.flags FLAGS
|
|
|
|
Filter by flags
|
|
|
|
=item --filter.profile_name PROFILE_NAME
|
|
|
|
Filter by profile name
|
|
|
|
=item --filter.profile_attach PROFILE_ATTACH
|
|
|
|
Filter by profile attachment (i.e. by path of the executable to which this profile applies)
|
|
|
|
=item --filter.profile_path PROFILE_PATH
|
|
|
|
Filter by profile path
|
|
|
|
=back
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Show both the list of used and unused profiles in your system.
|
|
|
|
$ aa-show-usage
|
|
|
|
Show the list of unconfined profiles currently used by your system.
|
|
|
|
$ aa-show-usage --show-type=used --filter.flags=unconfined
|
|
|
|
=head1 BUGS
|
|
|
|
B<aa-show-usage> needs to be able to read profiles to tell whether they are used in practice.
|
|
|
|
B<aa-show-usage> will only report directly used profiles. Profiles used via profile transitions, systemd's B<AppArmorProfile=>, or API call such as B<aa-exec> are not shown as used.
|
|
|
|
|
|
If you find any additional bugs, please report them at L<https://gitlab.com/apparmor/apparmor/-/issues>.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
apparmor(7)
|
|
|
|
=cut
|