mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-24 20:08:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

doc: minor improvment of dev doc.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-08 21:24:29 +01:00
parent 146bda8f45
commit cc47d8d557
Failed to generate hash of commit
3 changed files with 4 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/development/dbus.md
View file

@ -29,10 +29,7 @@ For more access, simply use the [`aa:dbus talk`](#dbus-directive) directive.
There is a trade of between security and maintenance to make:
- `aa:dbus talk` will generate less issue as it gives full talk access
- `abstractions/bus/*` will provide more restriction, and possibly more issue.
Ideally, these rules should be automatically generated from either the dbus interface documentation or the program call.
- `abstractions/bus/*` will provide more restriction, and possibly more issue. In the future, these rules will be automatically generated from the interface documentation.
## Dbus Directive

3
docs/development/directives.md
View file

@ -118,8 +118,7 @@ The `exec` directive is useful to allow executing transitions to a profile witho
**`[X]`**
: If `X` is set, the directive will conserve the `x` file rules regardless of the transition. Not enabled by default as it may conflict with the parent profile.
: If `X` is set, the directive will conserve the `x` file rules regardless of the transition. It is not enabled by default as it may conflict with the parent profile. Indeed, automatically adding `Px` and `ix` transition in a profile is a very effective way to have conflict between transitions as you can automatically add rule already present in the profile but with another transition (you would then get the AppArmor error: `profile has merged rule with conflicting x modifiers`).
**Example**

4
docs/development/index.md
View file

@ -62,11 +62,11 @@ If you're looking to contribute to `apparmor.d` you can get started by going to
your devices or for your use case.
## Additional recommended documentation
## Recommended documentation
* [The AppArmor Core Policy Reference](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference)
* [The openSUSE Documentation](https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html)
* https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html
* [SUSE Documentation](https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html)
* [The AppArmor.d man page](https://man.archlinux.org/man/apparmor.d.5)
* [F**k AppArmor](https://presentations.nordisch.org/apparmor/#/)
* [A Brief Tour of Linux Security Modules](https://www.starlab.io/blog/a-brief-tour-of-linux-security-modules)