Here you go


# $Id: logprof.conf 981 2007-09-17 03:28:26Z DominicReynolds_ $
# ------------------------------------------------------------------
#
#    Copyright (C) 2004-2006 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

[settings]
  profiledir = /etc/apparmor.d /etc/subdomain.d
  inactive_profiledir = /usr/share/doc/apparmor-profiles/extras 
  logfiles = /var/log/audit/audit.log /var/log/messages /var/log/syslog

  parser = /sbin/apparmor_parser /sbin/subdomain_parser
  ldd = /usr/bin/ldd
  logger = /bin/logger /usr/bin/logger

  # custom directory locations to look for #includes
  #
  # each name should be a valid directory containing possible #include
  # candidate files under the profile dir which by default is /etc/apparmor.d.
  #
  # So an entry of my-includes will allow /etc/apparmor.d/my-includes to
  # be used by the yast UI and profiling tools as a source of #include
  # files.
  custom_includes =


[repository]
  distro         = ubuntu-gutsy
  url            = http://apparmor.test.opensuse.org/backend/api
  preferred_user = ubuntu

[qualifiers]
  # things will be painfully broken if bash has a profile
  /bin/bash     = iu
  /bin/ksh	= iu

  # these programs can't function if they're confined
  /bin/mount    = u
  /etc/init.d/subdomain = u
  /sbin/cardmgr = u
  /sbin/subdomain_parser = u
  /usr/sbin/genprof = u
  /usr/sbin/logprof = u
  /usr/lib/YaST2/servers_non_y2/ag_genprof = u
  /usr/lib/YaST2/servers_non_y2/ag_logprof = u

  # these ones shouln't have their own profiles
  /bin/awk      = i
  /bin/cat      = i
  /bin/chmod    = i
  /bin/chown    = i
  /bin/cp       = i
  /bin/gawk     = i
  /bin/grep     = i
  /bin/gunzip   = i
  /bin/gzip     = i
  /bin/kill     = i
  /bin/ln       = i
  /bin/ls       = i
  /bin/mkdir    = i
  /bin/mv       = i
  /bin/readlink = i
  /bin/rm       = i
  /bin/sed      = i
  /bin/touch    = i
  /sbin/killall5 = i
  /usr/bin/find = i
  /usr/bin/killall = i
  /usr/bin/nice = i
  /usr/bin/perl = i
  /usr/bin/tr   = i

[required_hats]
  ^.+/apache(|2|2-prefork)$ = DEFAULT_URI HANDLING_UNTRUSTED_INPUT
  ^.+/httpd(|2|2-prefork)$  = DEFAULT_URI HANDLING_UNTRUSTED_INPUT

[defaulthat]
  ^.+/apache(|2|2-prefork)$ = DEFAULT_URI
  ^.+/httpd(|2|2-prefork)$  = DEFAULT_URI

[globs]
  # /foo/bar/lib/libbaz.so -> /foo/bar/lib/lib*
  /lib/lib[^\/]+so[^\/]*$           = /lib/lib*so*

  # strip kernel version numbers from kernel module accesses
  ^/lib/modules/[^\/]+\/            = /lib/modules/*/

  # strip pid numbers from /proc accesses
  ^/proc/\d+/                       = /proc/*/

  # if it looks like a home directory, glob out the username
  ^/home/[^\/]+                     = /home/*

  # if they use any perl modules, grant access to all
  ^/usr/lib/perl5/.+$               = /usr/lib/perl5/**

  # locale foo
  ^/usr/lib/locale/.+$              = /usr/lib/locale/**
  ^/usr/share/locale/.+$            = /usr/share/locale/**

  # timezone fun
  ^/usr/share/zoneinfo/.+$          = /usr/share/zoneinfo/**

  # /foobar/fonts/baz -> /foobar/fonts/**
  /fonts/.+$                        = /fonts/**

  # turn /foo/bar/baz.8907234 into /foo/bar/baz.*
  # BUGBUG - this one looked weird because it would suggest a glob for
  # BUGBUG - libfoo.so.5.6.0 that looks like libfoo.so.5.6.*
  # \.\d+$                            = .*

  # some various /etc/security poo -- dunno about these ones...
  ^/etc/security/_[^\/]+$           = /etc/security/*
  ^/lib/security/pam_filter/[^\/]+$ = /lib/security/pam_filter/*
  ^/lib/security/pam_[^\/]+\.so$    = /lib/security/pam_*.so

  ^/etc/pam.d/[^\/]+$               = /etc/pam.d/*
  ^/etc/profile.d/[^\/]+\.sh$       = /etc/profile.d/*.sh