From cc2d71023b680dd5fef995e24d516fb74f87bd38 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Mon, 1 Mar 2021 19:38:30 +0100 Subject: [PATCH] Improve AARE documentation in apparmor.d manpage ... as discussed on the mailinglist --- parser/apparmor.d.pod | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod index c4ba07824..b4ac01a85 100644 --- a/parser/apparmor.d.pod +++ b/parser/apparmor.d.pod @@ -241,9 +241,6 @@ B = Comma separated list of I B = ( 'send' | 'receive' | 'bind' | 'eavesdrop' | 'r' | 'read' | 'w' | 'write' | 'rw' ) Some accesses are incompatible with some rules; see below. -B = B - See below for meanings. - B = [ I ] 'unix' [ I ] [ I ] [ I ] [ I ] B = ( I | I ) @@ -300,6 +297,9 @@ B = '"' I '"' B = (must start with '/' (after variable expansion), B have special meanings; see below. May include I. Rules with embedded spaces or tabs must be quoted. Rules must end with '/' to apply to directories.) +B = B + See section "Globbing (AARE)" below for meanings. + B = ( 'r' | 'w' | 'a' | 'l' | 'k' | 'm' | I )+ (not all combinations are allowed; see below.) B = ( 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'cx' | 'Cx' | 'pix' | 'Pix' | 'cix' | 'Cix' | 'pux' | 'PUx' | 'cux' | 'CUx' | 'x' ) @@ -1513,9 +1513,10 @@ F, which is included by F. F is typically included at the beginning of an AppArmor profile. -=head2 Globbing +=head2 Globbing (AARE) -File resources may be specified with a globbing syntax similar to that +File resources and other parameters accepting an AARE +may be specified with a globbing syntax similar to that used by popular shells, such as csh(1), bash(1), zsh(1). =over 4 
@@ -1548,6 +1549,12 @@ will substitute for any single character not matching a, b or c will expand to one rule to match ab, one rule to match cd +Can also include variables. + +=item B<@{variable}> + +will expand to all values assigned to the given variable. + =back When AppArmor looks up a directory the pathname being looked up will
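Review bot: In the hunk at @@ -300,6 +297,9, the added cross-reference 'See section "Globbing (AARE)" below for meanings.' names the heading as plain text, so it goes stale without warning if the heading is renamed again, as this same patch does to "Globbing". Consider a POD link such as L</"Globbing (AARE)"> so the formatter resolves it. Since the first hunk removes the definition from around line 241 and this one re-adds it near line 297, also check that no grammar entry between those two positions uses the term before it is defined.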
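Review bot: In the hunk at @@ -1513,9 +1513,10, the renamed heading and the new sentence both use "AARE" without expanding it; spell the acronym out once here, since this is the section the grammar now sends readers to. "other parameters accepting an AARE" is also vague for someone writing a profile: either name the rule types or say that the grammar section marks them. Renaming the =head2 changes its anchor, so any existing links to "Globbing" elsewhere in the manpages need updating in the same commit.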
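Review bot: In the hunk at @@ -1548,6 +1549,12, "Can also include variables." is a subject-less fragment attached to the alternation item, so it is unclear whether variables are allowed only inside the braces or anywhere in a glob. Give it a subject, or move the statement into the new "=item B<@{variable}>" entry. That entry says the variable "will expand to all values assigned to the given variable"; it would help to say whether this means one rule per value, as the alternation item just above words it, and to add a short example so a profile author can see how far a rule with a multi-valued variable reaches.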