Re: [apparmor] [PATCH 04/10] Update capability rule description in man page

Fri, 20 Mar 2015 05:22:19 -0700 

Hello,

Am Freitag, 20. März 2015 schrieb John Johansen:
> Signed-off-by: John Johansen <john.johan...@canonical.com>
> ---
>  parser/apparmor.d.pod | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index ce82b57..db5ea0e 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -54,10 +54,14 @@ B<COMMENT> = '#' I<TEXT>
 > 
 > B<TEXT> = any characters
 >
> -B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"' 
> I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' [ ( I<RESOURCE RULE> 
> | I<COMMENT> | I<INCLUDE> | I<SUBPROFILE> | 'capability ' I<CAPABILITY> | 
> I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<DBUS RULE> | I<UNIX 
> RULE> I<FILE RULE> | 'change_profile -E<gt> ' I<PROGRAMCHILD> ) ... ] '}'
> +B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"' 
> I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' [ ( I<RESOURCE RULE> 
> | I<COMMENT> | I<INCLUDE> | I<SUBPROFILE> | I<CAPABILITY RULE> | I<NETWORK 
> RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<DBUS RULE> | I<UNIX RULE> | 
> I<FILE RULE> | 'change_profile -E<gt> ' I<PROGRAMCHILD> ) ... ] '}'

For those who don't like to search for the needle in the haystack ;-) -
the relevant change is   'capability ' I<CAPABILITY>   ->   <CAPABILITY RULE>
(+ a missing "|" between unix rule and file rule)

The   [ 'flags=(complain)' ]   is also outdated because we have more 
flags nowadays. Please also update it (as a separate patch).

>  B<SUBPROFILE> = [ I<COMMENT> ... ] ( I<PROGRAMHAT> | 'profile ' 
> I<PROGRAMCHILD> ) '{' [ ( I<FILE RULE> | I<COMMENT> | I<INCLUDE> ) ... ] '}'
 >
> +B<CAPABILITY RULE> = [ 'audit' ] [ 'deny' ] 'capability' [ I<CAPABILITY 
> LIST> ]
> +
> +B<CAPABILITY LIST> = ( I<CAPABILITY> )+
> +
>  B<CAPABILITY> = (lowercase capability name without 'CAP_' prefix; see
>  capabilities(7))

Acked-by: Christian Boltz <appar...@cboltz.de>


Regards,

Christian Boltz
-- 
SPENDENAUFRUF
Bitte spendet fleißig für neue Glaskugeln für die hier ständig
glaskugelnden, der Verschleiß ist zwar gering, aber über die Jahre
nutzt sich eine Glaskugel doch ab ... [David Haller in opensuse-de]


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to