From fd6a33f89e77af30c4e0204da611d98c81318253 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Tue, 20 Nov 2012 16:52:43 -0800
Subject: [PATCH] Update documentation of change_hat and change_profile apis

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@gmail.com>
---
 libraries/libapparmor/doc/aa_change_hat.pod     | 15 ++++++++++++---
 libraries/libapparmor/doc/aa_change_profile.pod | 13 ++++++++++---
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/libraries/libapparmor/doc/aa_change_hat.pod b/libraries/libapparmor/doc/aa_change_hat.pod
index 0931f40a9..796ad0d5c 100644
--- a/libraries/libapparmor/doc/aa_change_hat.pod
+++ b/libraries/libapparmor/doc/aa_change_hat.pod
@@ -99,16 +99,25 @@ Insufficient kernel memory was available.
 
 =item B<EPERM>
 
-The calling application is not confined by apparmor.
+The calling application is not confined by apparmor, the specified
+I<subprofile> is not a I<hat profile>, the task is being ptraced and the
+tracing task does not have permission to trace the specified I<subprofile> or the no_new_privs execution bit is
+enabled.
 
 =item B<ECHILD>
 
 The application's profile has no hats defined for it.
 
+=item B<ENOENT>
+
+The specified I<subprofile> does not exist in this profile but other hats
+are defined.
+
 =item B<EACCES>
 
-The specified I<subprofile> does not exist in this profile or the
-process tried to change another process's domain.
+The specified magic token did not match, and permissions to change to
+the specified I<subprofile> has been denied. This will in most situations
+also result in the task being killed, to prevent brute force attacks.
 
 =back 
 
diff --git a/libraries/libapparmor/doc/aa_change_profile.pod b/libraries/libapparmor/doc/aa_change_profile.pod
index 88c367e6e..796d3014b 100644
--- a/libraries/libapparmor/doc/aa_change_profile.pod
+++ b/libraries/libapparmor/doc/aa_change_profile.pod
@@ -74,8 +74,9 @@ errno(3) is set appropriately.
 
 =item B<EINVAL>
 
-The apparmor kernel module is not loaded or the communication via the
-F</proc/*/attr/current> file did not conform to protocol.
+The apparmor kernel module is not loaded, neither a profile nor a namespace
+was specified, or the communication via the F</proc/*/attr/current> file did
+not conform to protocol.
 
 =item B<ENOMEM>
 
@@ -83,12 +84,18 @@ Insufficient kernel memory was available.
 
 =item B<EPERM>
 
-The calling application is not confined by apparmor.
+The calling application is not confined by apparmor, or the no_new_privs
+bit is set.
 
 =item B<EACCES>
 
 The task does not have sufficient permissions to change its domain.
 
+=item B<ENOENT>
+
+The specified profile does not exist, or is not visible from the current
+Namespace.
+
 =back
 
 =head1 EXAMPLE