mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-04 01:05:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

doc: minor improvment of dev doc.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-08 21:24:29 +01:00
parent 146bda8f45
commit cc47d8d557
Failed to generate hash of commit
3 changed files with 4 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/development/dbus.md
View file

@ -29,10 +29,7 @@ For more access, simply use the [`aa:dbus talk`](#dbus-directive) directive.
There is a trade of between security and maintenance to make: There is a trade of between security and maintenance to make:
- `aa:dbus talk` will generate less issue as it gives full talk access - `aa:dbus talk` will generate less issue as it gives full talk access
- `abstractions/bus/*` will provide more restriction, and possibly more issue. - `abstractions/bus/*` will provide more restriction, and possibly more issue. In the future, these rules will be automatically generated from the interface documentation.
Ideally, these rules should be automatically generated from either the dbus interface documentation or the program call.
## Dbus Directive ## Dbus Directive

3
docs/development/directives.md
View file

@ -118,8 +118,7 @@ The `exec` directive is useful to allow executing transitions to a profile witho
**`[X]`** **`[X]`**
: If `X` is set, the directive will conserve the `x` file rules regardless of the transition. Not enabled by default as it may conflict with the parent profile. : If `X` is set, the directive will conserve the `x` file rules regardless of the transition. It is not enabled by default as it may conflict with the parent profile. Indeed, automatically adding `Px` and `ix` transition in a profile is a very effective way to have conflict between transitions as you can automatically add rule already present in the profile but with another transition (you would then get the AppArmor error: `profile has merged rule with conflicting x modifiers`).
**Example** **Example**

4
docs/development/index.md
View file

@ -62,11 +62,11 @@ If you're looking to contribute to `apparmor.d` you can get started by going to
your devices or for your use case. your devices or for your use case.
## Additional recommended documentation ## Recommended documentation
* [The AppArmor Core Policy Reference](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference) * [The AppArmor Core Policy Reference](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference)
* [The openSUSE Documentation](https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html) * [The openSUSE Documentation](https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html)
* https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html * [SUSE Documentation](https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html)
* [The AppArmor.d man page](https://man.archlinux.org/man/apparmor.d.5) * [The AppArmor.d man page](https://man.archlinux.org/man/apparmor.d.5)
* [F**k AppArmor](https://presentations.nordisch.org/apparmor/#/) * [F**k AppArmor](https://presentations.nordisch.org/apparmor/#/)
* [A Brief Tour of Linux Security Modules](https://www.starlab.io/blog/a-brief-tour-of-linux-security-modules) * [A Brief Tour of Linux Security Modules](https://www.starlab.io/blog/a-brief-tour-of-linux-security-modules)