On Tue, Apr 10, 2012 at 05:06:59PM -0500, Jamie Strandboge wrote: > Attached is an updated patch. It adds some language to "2. If a > conditional is specified using 'in'..." and "KNOWN BUGS". > @@ -328,6 +355,248 @@ > network inet tcp, #allow access to tcp only for inet4 addresses > network inet6 tcp, #allow access to tcp only for inet6 addresses > > +=head2 Mount Rules > + > +AppArmor supports mount mediation and allows specifying filesystem types and > +mount flags. The syntax of mount rules in AppArmor is based on mount rule > +syntax. Mount rules must contain one of the mount, remount, umount or > +pivot_root keywords, but all mount conditions are optional. Unspecified > +optional conditionals are assumed to match all entries (eg, not specifying > +fstype means all fstypes are matched). Due to the complexity of the mount > +command and how options may be specified, AppArmor allows specifying > +conditionals two different ways: > + > +=item 1. > + > +If a conditional is specified using '=', then the rule only grants permission > +for mounts matching the exactly specified options. For example, an AppArmor > +policy with the following rule: > + > +=over 4
So, back when I fixed the Makefile in libraries/libapparmor/doc to add
--stderr to pod2man, I forgot to do it for the rest of the locations
where manpages are generated, such as in the parser directory and
apparmor.d.5, which masks the error message that the =item section
occurs outside of an =over section (it gets added as a section to the
bottom of the manpage).
Attached is a patch to add --stderr to the common rules for generating
manpages (and adjust it so that it's one rule instead of eight). It
also fixes the above problem and a similar problem in the aa-exec
manpage. It doesn't look like pod2html supports such an option, so
I didn't adjust the rules for generating that, and I couldn't find an
option to pod2man to turn emitting anything to stderr into an error,
much to Christian's disappointment, I'm sure.
---
common/Make.rules | 25 ++-----------------------
parser/apparmor.d.pod | 2 ++
utils/aa-exec.pod | 2 ++
3 files changed, 6 insertions(+), 23 deletions(-)
Index: b/common/Make.rules
===================================================================
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -206,29 +206,8 @@ install_manpages: $(MANPAGES)
MAN_RELEASE="AppArmor ${VERSION}"
-%.1: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=1 >
$@
-
-%.2: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=2 >
$@
-
-%.3: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=3 >
$@
-
-%.4: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=4 >
$@
-
-%.5: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=5 >
$@
-
-%.6: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=6 >
$@
-
-%.7: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=7 >
$@
-
-%.8: %.pod
- $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=8 >
$@
+%.1 %.2 %.3 %.4 %.5 %.6 %.7 %.8: %.pod
+ $(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --stderr
--section=$(subst .,,$(suffix $@)) > $@
%.1.html: %.pod
$(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
Index: b/parser/apparmor.d.pod
===================================================================
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -366,6 +366,8 @@ fstype means all fstypes are matched). D
command and how options may be specified, AppArmor allows specifying
conditionals two different ways:
+=over 4
+
=item 1.
If a conditional is specified using '=', then the rule only grants permission
Index: b/utils/aa-exec.pod
===================================================================
--- a/utils/aa-exec.pod
+++ b/utils/aa-exec.pod
@@ -82,6 +82,8 @@ arguments after the -- are treated as ar
useful when passing arguments to the I<E<lt>commandE<gt>> being invoked by
aa-exec.
+=back
+
=head1 BUGS
If you find any bugs, please report them at
--
Steve Beattie
<[email protected]>
http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
