From ffc46247adbb5b19c5354e30ab93263f00eca4bd Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Wed, 2 Oct 2024 17:01:17 -0700 Subject: [PATCH] Proofreading of libapparmor manpages to fix a few nits Signed-off-by: Ryan Lee --- libraries/libapparmor/doc/aa_change_hat.pod | 2 +- libraries/libapparmor/doc/aa_change_profile.pod | 6 +++--- libraries/libapparmor/doc/aa_stack_profile.pod | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libraries/libapparmor/doc/aa_change_hat.pod b/libraries/libapparmor/doc/aa_change_hat.pod index 752208e1c..8f38d8022 100644 --- a/libraries/libapparmor/doc/aa_change_hat.pod +++ b/libraries/libapparmor/doc/aa_change_hat.pod @@ -22,7 +22,7 @@ =head1 NAME -aa_change_hat - change to or from a "hat" within a AppArmor profile +aa_change_hat - change to or from a "hat" within a AppArmor profile =head1 SYNOPSIS diff --git a/libraries/libapparmor/doc/aa_change_profile.pod b/libraries/libapparmor/doc/aa_change_profile.pod index b04e9c5c2..acf8673e5 100644 --- a/libraries/libapparmor/doc/aa_change_profile.pod +++ b/libraries/libapparmor/doc/aa_change_profile.pod @@ -22,7 +22,7 @@ =head1 NAME -aa_change_profile, aa_change_onexec - change a tasks profile +aa_change_profile, aa_change_onexec - change a task's profile =head1 SYNOPSIS @@ -58,8 +58,8 @@ The aa_change_onexec() function is like the aa_change_profile() function except it specifies that the profile transition should take place on the next exec instead of immediately. The delayed profile change takes precedence over any exec transition rules within the confining profile. -Delaying the profile boundary has a couple of advantages, it removes the -need for stub transition profiles and the exec boundary is a natural security +Delaying the profile boundary has a couple of advantages: it removes the +need for stub transition profiles, and the exec boundary is a natural security layer where potentially sensitive memory is unmapped. =head1 RETURN VALUE diff --git a/libraries/libapparmor/doc/aa_stack_profile.pod b/libraries/libapparmor/doc/aa_stack_profile.pod index 140776437..2be06b572 100644 --- a/libraries/libapparmor/doc/aa_stack_profile.pod +++ b/libraries/libapparmor/doc/aa_stack_profile.pod @@ -41,7 +41,7 @@ result is an intersection of all profiles which are stacked. Stacking profiles together is desirable when wanting to ensure that confinement will never become more permissive. When changing between two profiles, as performed with aa_change_profile(2), there is always the possibility that the new profile is -more permissive than the old profile but that possibility is eliminated when +more permissive than the old profile, but that possibility is eliminated when using aa_stack_profile(). To stack a profile with the current confinement context, a task can use the @@ -68,7 +68,7 @@ The aa_stack_onexec() function is like the aa_stack_profile() function except it specifies that the stacking should take place on the next exec instead of immediately. The delayed profile change takes precedence over any exec transition rules within the confining profile. Delaying the stacking -boundary has a couple of advantages, it removes the need for stub transition +boundary has a couple of advantages: it removes the need for stub transition profiles and the exec boundary is a natural security layer where potentially sensitive memory is unmapped.