From 3c3c085d1a6b0c40e4a53cd910bf58ab9710e8a5 Mon Sep 17 00:00:00 2001 From: Seth Arnold Date: Tue, 11 Apr 2006 22:50:01 +0000 Subject: [PATCH] correct (by removing) the number of permissions bits in the language; remove references to 'l' being required for unlink(); remove vim syntax file; remove reference to program-chunks/apache-default-uri --- docs/apparmor.d.pod | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/docs/apparmor.d.pod b/docs/apparmor.d.pod index 5eef5c820..5936dd3ce 100644 --- a/docs/apparmor.d.pod +++ b/docs/apparmor.d.pod @@ -106,7 +106,7 @@ has been provided to use change_hat(2).) =head2 Access Modes File permission access modes consists of combinations of the following -seven modes: +modes: =over 8 @@ -180,11 +180,11 @@ Inherit and Unconstrained execute entries. =item B -Allows the program to be able to create and remove a link with this name +Allows the program to be able to create a link with this name (including symlinks). When a link is created, the file that is being linked to B have the same access permissions as the link being created (with the exception that the destination does not have to have -link access.) Link access is required for unlinking a file. +link access.) =back @@ -323,9 +323,7 @@ descriptions of how some of the abstractions are used. =item F -includes files that should be readable in all profiles, files that -should be writable in all profiles, and a single network confinement -rule to ensure every domain includes network constraints. +includes files that should be readable and writable in all profiles. =begin comment @@ -361,7 +359,8 @@ includes file access rules needed for common kerberos clients. =back The abstractions stored in F are -intended for use by single programs. +intended for use by specific program suites, and are not generally +useful. =begin comment 
@@ -373,20 +372,6 @@ certain services to communicate only with specific subnets.) =end comment -References to user home directories in profiles are usually confined to -abstractions stored in files with names beginning with "user-". There -are many here suitable for customization; a few notable entries: - -=over 4 - -=item F - -is a convenient place to put file access that should be allowed for -Apache change_hat(2) conventions that don't have a more specific -subprofile in Apache's profile. See also mod_apparmor(5). - -=back - =head1 EXAMPLE An example AppArmor profile: @@ -421,8 +406,6 @@ An example AppArmor profile: =item F -=item F - =back =head1 SEE ALSO
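Review bot: In the @@ -106,7 +106,7 hunk (Access Modes), the unchanged line directly above the edit still reads "File permission access modes consists of combinations of the following". Since the sentence is being touched anyway, change "consists" to "consist" so that the subject and verb agree.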
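Review bot: In the @@ -180,11 +180,11 hunk (the link access item), deleting "Link access is required for unlinking a file." leaves the page silent on which access mode, if any, mediates unlink(). A profile author who learned the earlier wording has no way to tell from the new text whether link access can be dropped from rules that exist only to allow deletion. Add one sentence that says what permission removing a file now requires, or that says explicitly that link access has no bearing on it.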
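Review bot: In the @@ -323,9 +323,7 hunk, the new sentence "includes files that should be readable and writable in all profiles." can be read as saying every file in the abstraction is both readable and writable, where the removed text kept the readable set and the writable set apart. Suggest "includes files that should be readable, and files that should be writable, in all profiles." The hunk also drops the mention of a network confinement rule, which the commit message does not list among its changes; note it there so the removal is traceable.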
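Review bot: In the @@ -361,7 +359,8 hunk, "and are not generally useful" is ambiguous: it reads as "usually of no use" as easily as "of no use outside those program suites". Something like "and are not intended for use in other profiles" states the restriction without the second reading. This wording change is also not covered by the commit message.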
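Review bot: In the @@ -373,20 +372,6 hunk, the deletion goes further than the commit message describes. The message covers removing the reference to program-chunks/apache-default-uri, but the hunk also removes the general statement that "References to user home directories in profiles are usually confined to abstractions stored in files with names beginning with "user-"". If that convention still holds, keep the sentence and delete only the =over/=item/=back list; if it no longer holds, say so in the commit message.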