Hello,
Am Mittwoch, 1. April 2015 schrieb John Johansen:
> Signed-off-by: John Johansen <john.johan...@canonical.com>
> ---
> parser/apparmor.d.pod | 48
> ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32
> insertions(+), 16 deletions(-)
>
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index 74eed87..bef9680 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -44,6 +44,10 @@ to the policy; this behaviour is modelled after
> cpp(1).
>
> =over 4
>
> +B<PROFILE FILE> = ( I<PREAMBLE> I<PROFILE> )*
> +
> +B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<INCLUDE> )*
Add a note that VARIABLE ASSESSMENT must come before PROFILE, and
everything is fine ;-)
(can be done as a follow-up patch)
> B<INCLUDE> = '#include' ( I<ABS PATH> | I<MAGIC PATH> )
>
> B<ABS PATH> = '"' path '"' (the path is passed to open(2))
> @@ -54,7 +58,19 @@ B<COMMENT> = '#' I<TEXT> [ '\r' ] '\n'
>
> B<TEXT> = any characters
>
> -B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"'
> I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' ( I<RULES> )*
> '}' +B<PROFILE> = ( I<PROFILE NAME> ) [ I<ATTACHMENT SPECIFICATION> ]
> [ <PROFILE FLAG CONDS> ] I<BLOCK> +
> +B<PROFILE NAME> = [ 'profile' ] I<FILEGLOB> | 'profile' ( I<UNQUOTED
> PROFILE NAME> | I<QUOTED PROFILE NAME> ) +
> +B<QUOTED PROFILE NAME> = '"' I<UNQUOTED PROFILE NAME> '"'
I don't like the separation of QUOTED and UNQUOTED PROFILE NAME too much
and would prefer to explain the quoting in the section explaining the
profile name.
Note that PROFILE NAME is already used, so you'll need to find another
name.
> +B<UNQUOTED PROFILE NAME> = (must start with alphanumeric character
> (after variable expansion), or '/' B<AARE> have special meanings; see
> below. May include I<VARIABLE>. Rules with embedded spaces or tabs
> must be quoted.) +
...
> -B<BLOCK RULES> = I<SUBPROFILE>
> +B<BLOCK RULES> = ( I<SUBPROFILE> | I<HAT> )
> +
> +B<BLOCK> = '{' ( I<RULES> )* '}'
I'd prefer to have '{' and '}' in the definition of the rules that can
include a BLOCK.
...
> +B<HATNAME> = '^' ( {IDS}|{QUOTED_ID see aa_change_hat(2)
> for a description of how this "hat" is used.)
Hmm, is {IDS} really the correct syntax here? I don't know all details
about the POD syntax, but the whole line looks a bit interesting...
(and clearly different from all other lines)
BTW: Feel free to commit the already acked patches (if possible without
merge conflicts).
Even if not explicitely mentioned, my acks in this patchset are for
trunk and 2.9.
Regards,
Christian Boltz
--
> Offeriere denen mal kein ESMTP, dann klappt das schon :)
scnr: Vielleicht sollte er auch Anfragen ob er ihre Dokumente doch nicht
lieber vom Paketdienst abholen lassen soll, da ich vermute dass die das
evtl. noch mit dem Meißel in Stein hauen ...
[> Ralf Hildebrandt und Matthias Haegele in postfixbuch-users]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
