mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge Improve AARE documentation in apparmor.d manpage

Browse source 
... as discussed on the mailinglist

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/715
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2021-03-07 17:25:36 +00:00
commit c2718e2677
1 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
parser/apparmor.d.pod
View file

@ -241,9 +241,6 @@ B<DBUS ACCESS LIST> = Comma separated list of I<DBUS ACCESS>
B<DBUS ACCESS> = ( 'send' | 'receive' | 'bind' | 'eavesdrop' | 'r' | 'read' | 'w' | 'write' | 'rw' )
Some accesses are incompatible with some rules; see below.
B<AARE> = B<?*[]{}^>
See below for meanings.
B<UNIX RULE> = [ I<QUALIFIERS> ] 'unix' [ I<UNIX ACCESS EXPR> ] [ I<UNIX RULE CONDS> ] [ I<UNIX LOCAL EXPR> ] [ I<UNIX PEER EXPR> ]
B<UNIX ACCESS EXPR> = ( I<UNIX ACCESS> | I<UNIX ACCESS LIST> )
@ -300,6 +297,9 @@ B<QUOTED FILEGLOB> = '"' I<UNQUOTED FILEGLOB> '"'
B<UNQUOTED FILEGLOB> = (must start with '/' (after variable expansion), B<AARE> have special meanings; see below. May include I<VARIABLE>. Rules with embedded spaces or tabs must be quoted. Rules must end with '/' to apply to directories.)
B<AARE> = B<?*[]{}^>
See section "Globbing (AARE)" below for meanings.
B<ACCESS> = ( 'r' | 'w' | 'a' | 'l' | 'k' | 'm' | I<EXEC TRANSITION> )+ (not all combinations are allowed; see below.)
B<EXEC TRANSITION> = ( 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'cx' | 'Cx' | 'pix' | 'Pix' | 'cix' | 'Cix' | 'pux' | 'PUx' | 'cux' | 'CUx' | 'x' )
@ -1513,9 +1513,10 @@ F</etc/apparmor.d/tunables/alias>, which is included by
F</etc/apparmor.d/tunables/global>. F</etc/apparmor.d/tunables/global> is
typically included at the beginning of an AppArmor profile.
=head2 Globbing
=head2 Globbing (AARE)
File resources may be specified with a globbing syntax similar to that
File resources and other parameters accepting an AARE
may be specified with a globbing syntax similar to that
used by popular shells, such as csh(1), bash(1), zsh(1).
=over 4
@ -1548,6 +1549,12 @@ will substitute for any single character not matching a, b or c
will expand to one rule to match ab, one rule to match cd
Can also include variables.
=item B<@{variable}>
will expand to all values assigned to the given variable.
=back
When AppArmor looks up a directory the pathname being looked up will