In the past with SLES 11 sp3 and sp4 I could go into AppArmor and there were some shared/community profiles available that others had created to help provide a "sample" for applications I was looking for. I am updating a BIND server from SLES 11sp4 to SLES 12sp1 and when I attempted to create the AppArmor profile that option wasn't there. In fact, the AppArmor Yast settings are very small when compared to previous version. I looked at the SLES 11sp4 AppArmor profile and alot appears to have changed with SLES 12sp1 so I am looking for recommendations on setting up a good AppArmor profile for BIND? This is just going to be used as a forwarder to Cisco openDNS service but want to secure this box, specifically AppArmor the named service.

Here is what I have from SLES 11sp4
Code:
# Last Modified: Mon Oct 17 12:17:06 2011
# $Id: usr.sbin.named 559 2007-04-10 23:05:33Z agruen $
#
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2005 Novell/SUSE
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

#include <tunables/global>

/usr/sbin/named {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/xad>

  capability net_bind_service,
  capability setgid,
  capability setuid,
  capability sys_chroot,
  capability sys_resource,


  /** r,
  /dyn/** rwl,
  /slave/* rw,
  /tmp/DNS_* rw,
  /usr/bin/dnskeygen mix,
  /usr/bin/dnsquery mix,
  /usr/sbin/named mrix,
  /usr/sbin/named-xfer mix,
  /var/lib/named/** rwl,
  /var/named/** rwl,
  /var/opt/novell/xad/ds/krb5kdc/krb5.keytab r,
  /var/run/named.pid wl,
  /var/run/named/named.pid wl,
  /var/run/ndc wl,
  /var/tmp/DNS_* rw,

}
When I look at my SLES 12sp1 server some of these files are not present. Just looking for a basic AppArmor profile for named. I see plenty for Ubuntu but not sure if those would work. I am guessing not since the file locations are different.