mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge manpages: Add ENOPROTOOPT error in aa_getcon() manpage

Browse source 
The call aa_getpeercon() can return ENOPROTOOPT error in some cases, specifically when the kernel lacks 'fine grained unix mediation'. Currently, this capability isn't available in upstream kernels, but only in patched ones (for example, the regular Ubuntu kernels). Unfortunately, the manpage lacks this info. This patch fixes this.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/366
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1143
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2024-01-30 09:33:48 +00:00
commit b03abbd75f
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
libraries/libapparmor/doc/aa_getcon.pod
View file

@ -116,6 +116,14 @@ The specified I<file/task> does not exist or is not visible.
The confinement data is too large to fit in the supplied buffer.
=item B<ENOPROTOOPT>
The kernel doesn't support the SO_PEERLABEL option in sockets. This happens
mainly when the kernel lacks 'fine grained unix mediation' support. It also
can happen on LSM stacking kernels where another LSM has claimed this
interface and decides to return this error, although this is really a
corner case.
=back
=head1 NOTES