[apparmor] [PATCH 08/10] Update apparmor.d man page to document file rules with leading permissions
Christian Boltz
apparmor at cboltz.de
Fri Mar 20 20:09:07 UTC 2015
Hello,
Am Freitag, 20. März 2015 schrieb John Johansen:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/apparmor.d.pod | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index d44fe33..1cfbe72 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -195,7 +195,7 @@ B<UNIX ATTR COND> 'attr' '=' ( I<AARE> | '(' '"'
> I<AARE> '"' | I<AARE> ')' )
>
> B<UNIX OPT COND> 'opt' '=' ( I<AARE> | '(' '"' I<AARE> '"' | I<AARE>
> ')' )
>
> -B<FILE RULE> = I<FILE QUALIFIERS> ( '"' I<FILEGLOB> '"' | I<FILEGLOB>
> ) I<ACCESS> [ -E<gt> <EXEC TARGET> ] ','
> +B<FILE RULE> = I<FILE QUALIFIERS>
See 05/10 for <FILE QUALIFIERS> (which means you'll need to slightly
adjust this patch ;-)
> ( ( '"' I<FILEGLOB> '"' | I<FILEGLOB> ) I<ACCESS> |
> [I<ACCESS> ( '"' I<FILEGLOB> '"' | I<FILEGLOB> ) ) [ -E<gt> <EXEC
> TARGET> ] ','
Oh well. See non-random sig ;-) (and my proposal in 09/10)
> @@ -515,6 +515,19 @@ on the new link, it must match the original file
> exactly. Allows the program to be able lock a file with this name.
> This permission covers both advisory and mandatory locking.
>
> +=item B<leading OR trailing access permissions>
> +
> +File rules can be specified with the access permission either leading
> +or trailing the file glob. Eg.
> +
> + rw /**, # leading permissions
> +
> + /** rw, # trailing permissions
> +
> +When a leading permissions is used further rule options and context
> +may be allowed, Eg.
> + l /foo -> /bar, # lead 'l' link permission is equivalent to link
> rules +
With <FILE QUALIFIERS> replaced as described in my 05/10 reply,
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
GETOPT(3)
BUGS
This manpage is confusing.
More information about the AppArmor
mailing list