Hello, The apparmor.d description about alias rules was broken in multiple ways. The manpage - didn't include the alias keyword - listed alias rules in the "COMMA RULES" section - while that's correct for the comma requirement, it's also wrong because COMMA RULES is meant to be inside a profile - didn't list alias rules in the PREAMBLE section
This patch fixes this.
It also moves the definition of VARIABLE, VARIABLE ASSIGNMENT (both
unchanged) and ALIAS RULE next to PREAMBLE.
I propose this patch for trunk and 2.10.
The patch doesn't apply cleanly on the 2.9 apparmor.d manpage, and
people still using 2.9 probably found out in the meantime how things
work ;-)
[ apparmor.d.pod-alias.diff ]
=== modified file 'parser/apparmor.d.pod'
--- parser/apparmor.d.pod 2016-10-14 18:32:48 +0000
+++ parser/apparmor.d.pod 2016-11-16 18:42:50 +0000
@@ -46,8 +46,14 @@
B<PROFILE FILE> = ( [ I<PREAMBLE> ] [ I<PROFILE> ] )*
-B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<INCLUDE> )*
- Variable assignment must come before the profile.
+B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<ALIAS RULE> |
I<INCLUDE> )*
+ Variable assignment and alias rules must come before the profile.
+
+B<VARIABLE ASSIGNMENT> = I<VARIABLE> ('=' | '+=') (space separated values)
+
+B<VARIABLE> = '@{' I<ALPHA> [ ( I<ALPHANUMERIC> | '_' ) ... ] '}'
+
+B<ALIAS RULE> = 'alias' I<ABS PATH> '-E<gt>' I<REWRITTEN ABS PATH> ','
B<INCLUDE> = '#include' ( I<ABS PATH> | I<MAGIC PATH> )
@@ -80,7 +86,7 @@
B<LINE RULES> = ( I<COMMENT> | I<INCLUDE> ) [ '\r' ] '\n'
-B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> |
I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> |
I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<ALIAS RULE> | I<DBUS RULE> )
+B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> |
I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> |
I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<DBUS RULE> )
B<BLOCK RULES> = ( I<SUBPROFILE> | I<HAT> | I<QUALIFIER BLOCK> )
@@ -267,12 +273,6 @@
B<LINK RULE> = I<QUALIFIERS> [ 'owner' ] 'link' [ 'subset' ] I<FILEGLOB> (
'to' | '-E<gt>' ) I<FILEGLOB>
-B<VARIABLE> = '@{' I<ALPHA> [ ( I<ALPHANUMERIC> | '_' ) ... ] '}'
-
-B<VARIABLE ASSIGNMENT> = I<VARIABLE> ('=' | '+=') (space separated values)
-
-B<ALIAS RULE> = I<ABS PATH> '-E<gt>' I<REWRITTEN ABS PATH>
-
B<ALPHA> = ('a', 'b', 'c', ... 'z', 'A', 'B', ... 'Z')
B<ALPHANUMERIC> = ('0', '1', '2', ... '9', 'a', 'b', 'c', ... 'z', 'A', 'B',
... 'Z')
Regards,
Christian Boltz
--
> I don't really know how nor why, but if a spellchecker is
> enabled on the wiki server, the edit wiki windows do
> colorize the mispelled words and this is very handy.
I have mixed feelings about using a spill chicken...
[> jdd and Peter Flodin in opensuse-wiki]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
