[apparmor] [PATCH 04/10] Update capability rule description in man page
Christian Boltz
apparmor at cboltz.de
Fri Mar 20 12:21:48 UTC 2015
Hello,
Am Freitag, 20. März 2015 schrieb John Johansen:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/apparmor.d.pod | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index ce82b57..db5ea0e 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -54,10 +54,14 @@ B<COMMENT> = '#' I<TEXT>
>
> B<TEXT> = any characters
>
> -B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"' I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' [ ( I<RESOURCE RULE> | I<COMMENT> | I<INCLUDE> | I<SUBPROFILE> | 'capability ' I<CAPABILITY> | I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<DBUS RULE> | I<UNIX RULE> I<FILE RULE> | 'change_profile -E<gt> ' I<PROGRAMCHILD> ) ... ] '}'
> +B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"' I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' [ ( I<RESOURCE RULE> | I<COMMENT> | I<INCLUDE> | I<SUBPROFILE> | I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<DBUS RULE> | I<UNIX RULE> | I<FILE RULE> | 'change_profile -E<gt> ' I<PROGRAMCHILD> ) ... ] '}'
For those who don't like to search for the needle in the haystack ;-) -
the relevant change is 'capability ' I<CAPABILITY> -> <CAPABILITY RULE>
(+ a missing "|" between unix rule and file rule)
The [ 'flags=(complain)' ] is also outdated because we have more
flags nowadays. Please also update it (as a separate patch).
> B<SUBPROFILE> = [ I<COMMENT> ... ] ( I<PROGRAMHAT> | 'profile ' I<PROGRAMCHILD> ) '{' [ ( I<FILE RULE> | I<COMMENT> | I<INCLUDE> ) ... ] '}'
>
> +B<CAPABILITY RULE> = [ 'audit' ] [ 'deny' ] 'capability' [ I<CAPABILITY LIST> ]
> +
> +B<CAPABILITY LIST> = ( I<CAPABILITY> )+
> +
> B<CAPABILITY> = (lowercase capability name without 'CAP_' prefix; see
> capabilities(7))
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
SPENDENAUFRUF
Bitte spendet fleißig für neue Glaskugeln für die hier ständig
glaskugelnden, der Verschleiß ist zwar gering, aber über die Jahre
nutzt sich eine Glaskugel doch ab ... [David Haller in opensuse-de]
More information about the AppArmor
mailing list