Provided by: apparmor_2.10.95-0ubuntu2.6~14.04.4_amd64 bug


       /etc/apparmor/subdomain.conf - configuration file for fine-tuning the behavior of the
       AppArmor security tool.


       The AppArmor security tool can be configured to have certain default behaviors based on
       configuration options set in subdomain.conf. There are two variables that can be set in
       subdomain.conf: SUBDOMAIN_PATH, and SUBDOMAIN_MODULE_PANIC.

       This variable accepts a string (path), and is by default set to '/etc/apparmor.d/' This
       variable defines where the AppArmor security tool looks for its policy definitions (a.k.a.
       AppArmor profiles).

       This variable accepts a string that is one of four values: warn, build, panic, or build-
       panic, and is set by default to warn.

       This setting controls the behavior of the AppArmor initscript if it cannot successfully
       load the AppArmor kernel module on startup. The four possible settings are:

           Log a failure message (the default behavior).

           Attempt to build the AppArmor module against the currently running kernel. If the
           compilation is successful, the module will be loaded and AppArmor started; if the
           compilation fails, a failure message is logged.

           Log a failure message and drop to runlevel 1 (single user).

           Attempt to build the module against the running kernel (like build) and if the
           compilation fails, drop to runlevel 1 (single user).


       Setting the initscript to recompile the module will fail on SUSE, as the module source is
       no longer installed by default. However, the module has been included with the SUSE
       kernel, so no rebuilding should be necessary.

       If you find any additional bugs, please report them at


       apparmor(7), apparmor_parser(8), and <>.