mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update documentation of change_hat and change_profile apis

Browse source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@gmail.com>
This commit is contained in:
John Johansen 2012-11-20 16:52:43 -08:00
parent 276ef3facf
commit fd6a33f89e
2 changed files with 22 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
libraries/libapparmor/doc/aa_change_hat.pod
View file

@ -99,16 +99,25 @@ Insufficient kernel memory was available.
=item B<EPERM>
The calling application is not confined by apparmor.
The calling application is not confined by apparmor, the specified
I<subprofile> is not a I<hat profile>, the task is being ptraced and the
tracing task does not have permission to trace the specified I<subprofile> or the no_new_privs execution bit is
enabled.
=item B<ECHILD>
The application's profile has no hats defined for it.
=item B<ENOENT>
The specified I<subprofile> does not exist in this profile but other hats
are defined.
=item B<EACCES>
The specified I<subprofile> does not exist in this profile or the
process tried to change another process's domain.
The specified magic token did not match, and permissions to change to
the specified I<subprofile> has been denied. This will in most situations
also result in the task being killed, to prevent brute force attacks.
=back

13
libraries/libapparmor/doc/aa_change_profile.pod
View file

@ -74,8 +74,9 @@ errno(3) is set appropriately.
=item B<EINVAL>
The apparmor kernel module is not loaded or the communication via the
F</proc/*/attr/current> file did not conform to protocol.
The apparmor kernel module is not loaded, neither a profile nor a namespace
was specified, or the communication via the F</proc/*/attr/current> file did
not conform to protocol.
=item B<ENOMEM>
@ -83,12 +84,18 @@ Insufficient kernel memory was available.
=item B<EPERM>
The calling application is not confined by apparmor.
The calling application is not confined by apparmor, or the no_new_privs
bit is set.
=item B<EACCES>
The task does not have sufficient permissions to change its domain.
=item B<ENOENT>
The specified profile does not exist, or is not visible from the current
Namespace.
=back
=head1 EXAMPLE