From cc47d8d55783c823b46fd7bfdc17f247d8580476 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 8 Oct 2024 21:24:29 +0100 Subject: [PATCH] doc: minor improvment of dev doc. --- docs/development/dbus.md | 5 +---- docs/development/directives.md | 3 +-- docs/development/index.md | 4 ++-- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/docs/development/dbus.md b/docs/development/dbus.md index 38e931b8..e4133e5d 100644 --- a/docs/development/dbus.md +++ b/docs/development/dbus.md @@ -29,10 +29,7 @@ For more access, simply use the [`aa:dbus talk`](#dbus-directive) directive. There is a trade of between security and maintenance to make: - `aa:dbus talk` will generate less issue as it gives full talk access -- `abstractions/bus/*` will provide more restriction, and possibly more issue. - -Ideally, these rules should be automatically generated from either the dbus interface documentation or the program call. - +- `abstractions/bus/*` will provide more restriction, and possibly more issue. In the future, these rules will be automatically generated from the interface documentation. ## Dbus Directive diff --git a/docs/development/directives.md b/docs/development/directives.md index 8897f951..53c7e7dc 100644 --- a/docs/development/directives.md +++ b/docs/development/directives.md @@ -118,8 +118,7 @@ The `exec` directive is useful to allow executing transitions to a profile witho **`[X]`** -: If `X` is set, the directive will conserve the `x` file rules regardless of the transition. Not enabled by default as it may conflict with the parent profile. - +: If `X` is set, the directive will conserve the `x` file rules regardless of the transition. It is not enabled by default as it may conflict with the parent profile. Indeed, automatically adding `Px` and `ix` transition in a profile is a very effective way to have conflict between transitions as you can automatically add rule already present in the profile but with another transition (you would then get the AppArmor error: `profile has merged rule with conflicting x modifiers`). **Example** diff --git a/docs/development/index.md b/docs/development/index.md index 2e12a466..f44d86ae 100644 --- a/docs/development/index.md +++ b/docs/development/index.md @@ -62,11 +62,11 @@ If you're looking to contribute to `apparmor.d` you can get started by going to your devices or for your use case. -## Additional recommended documentation +## Recommended documentation * [The AppArmor Core Policy Reference](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference) * [The openSUSE Documentation](https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html) -* https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html +* [SUSE Documentation](https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html) * [The AppArmor.d man page](https://man.archlinux.org/man/apparmor.d.5) * [F**k AppArmor](https://presentations.nordisch.org/apparmor/#/) * [A Brief Tour of Linux Security Modules](https://www.starlab.io/blog/a-brief-tour-of-linux-security-modules)