Signed-off-by: John Johansen <john.johan...@canonical.com>
---
parser/apparmor.d.pod | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index d44fe33..1cfbe72 100644 --- a/parser/apparmor.d.pod +++ b/parser/apparmor.d.pod @@ -195,7 +195,7 @@ B<UNIX ATTR COND> 'attr' '=' ( I<AARE> | '(' '"' I<AARE> '"' | I<AARE> ')' ) B<UNIX OPT COND> 'opt' '=' ( I<AARE> | '(' '"' I<AARE> '"' | I<AARE> ')' ) -B<FILE RULE> = I<FILE QUALIFIERS> ( '"' I<FILEGLOB> '"' | I<FILEGLOB> ) I<ACCESS> [ -E<gt> <EXEC TARGET> ] ',' +B<FILE RULE> = I<FILE QUALIFIERS> ( ( '"' I<FILEGLOB> '"' | I<FILEGLOB> ) I<ACCESS> | [I<ACCESS> ( '"' I<FILEGLOB> '"' | I<FILEGLOB> ) ) [ -E<gt> <EXEC TARGET> ] ',' B<FILE QUALIFIERS> = [ I<QUALIFIERS> ] [ 'owner' ] [ 'file' ] @@ -515,6 +515,19 @@ on the new link, it must match the original file exactly. Allows the program to be able lock a file with this name. This permission covers both advisory and mandatory locking. +=item B<leading OR trailing access permissions> + +File rules can be specified with the access permission either leading +or trailing the file glob. Eg. + + rw /**, # leading permissions + + /** rw, # trailing permissions + +When a leading permissions is used further rule options and context +may be allowed, Eg. + l /foo -> /bar, # lead 'l' link permission is equivalent to link rules + =back =head2 Comments -- 2.1.4 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor