The RETURN VALUE section contained two typos where "kernel_features" was
used instead of "kernel_interface".
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Callers of aa_features_unref(), aa_kernel_interface_unref(), and
aa_policy_cache_unref() had to store off errno and restore it after
calling those functions in error paths. This patch preserves errno
across those *_unref() functions so that callers don't have to.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
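The errno-preserving pattern the commit above describes, as an added example that is not libapparmor's code: a hypothetical reference-counted handle (standing in for the aa_features, aa_kernel_interface and aa_policy_cache objects) whose release may call close(), and an unref that saves and restores errno so a caller's error path can drop the handle without losing the error it is about to report. The handle wraps an invalid descriptor (-1) so that close() fails with EBADF, which is what would clobber errno in the naive variant.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical reference-counted object standing in for the aa_features,
 * aa_kernel_interface and aa_policy_cache handles; not libapparmor's code. */
struct handle {
    int refcount;
    int fd;          /* resource released when the last reference goes away */
};

struct handle *handle_new(int fd)
{
    struct handle *h = calloc(1, sizeof(*h));
    if (!h)
        return NULL;
    h->refcount = 1;
    h->fd = fd;
    return h;
}

/* The old behaviour: releasing the handle may call close(), which can
 * overwrite errno (for example with EBADF) and hide the caller's error. */
void handle_unref_clobbering(struct handle *h)
{
    if (!h || --h->refcount > 0)
        return;
    close(h->fd);
    free(h);
}

/* The behaviour the patch introduces: save errno on entry and restore it
 * before returning, so error paths can unref without extra bookkeeping. */
void handle_unref(struct handle *h)
{
    int saved_errno = errno;

    if (h && --h->refcount == 0) {
        close(h->fd);
        free(h);
    }

    errno = saved_errno;
}

/* Simulates a caller's error path: an earlier call failed with ENOENT, the
 * handle is dropped, and the function reports errno afterwards. The handle
 * wraps an invalid descriptor (-1), so close() fails with EBADF and would
 * clobber errno without the save/restore. */
int error_path_errno(bool preserve)
{
    struct handle *h = handle_new(-1);
    if (!h)
        return errno;

    errno = ENOENT;                 /* pretend a lookup just failed */
    if (preserve)
        handle_unref(h);
    else
        handle_unref_clobbering(h);

    return errno;                   /* what the caller would report */
}

int main(void)
{
    /* Exit status 0 only if the preserving unref kept the caller's ENOENT. */
    return error_path_errno(true) == ENOENT ? 0 : 1;
}
```

The save/restore costs one integer copy per call and removes an easy-to-forget step from every error path that tears down a handle, which is exactly the class of bug (a misleading errno reported after cleanup) the commit is closing.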
This makes some of the references to functions in the aa_query_label(2)
manpage more consistent and fixes a couple of grammar issues. It also
tries to make the qualifying statements in apparmor.d(5) more distinct,
and also fixes some typos there as well.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Modeled after the aa_change_profile(2) man page, this profile defines
the libapparmor and kernel interfaces for the in-progress profile
stacking feature.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
I suspect that the incorrect description of EPERM was copied from
the aa_change_hat man page, where it is possible to see EPERM if the
application is not confined by AppArmor.
This patch corrects the description by documenting that the only
possible way to see EPERM is if a confined application has the
no_new_privs bit set.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
It is possible that file descriptors will be revalidated after an
aa_change_profile() but there is a lot of complexity involved that
doesn't need to be spelled out in the man page. Instead, mention that
revalidation is possible but the only way to ensure that file
descriptors are not passed on is to close them.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
The statement was meant to convey the difference between aa_change_hat()
and aa_change_profile(). Unfortunately, it read as if there was
something preventing a program from using aa_change_profile() twice to
move from profile A to profile B and back to profile A, even if profiles
A and B contained the necessary rules.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
Remove extra leading parenthesis from some of the function prototypes.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Swap aa_query_link_path_len() and aa_query_link_path() to match the
order of aa_query_file_path() and aa_query_file_path_len().
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Doing manual line wraps resulted in an unreadable SYNOPSIS section.
Allow man to handle line wrapping the function prototypes itself.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
aa_query_file_path, aa_query_file_path_len, aa_query_link_path, and
aa_query_link_path_len were omitted from the NAME section.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Create a section 3 man page for the aa_policy_cache family of functions.
Additionally, update the in-code descriptions to match the descriptions
in the man page.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Create a section 3 man page for the aa_kernel_interface family of
functions. Additionally, update the in-code descriptions to match the
descriptions in the man page.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Create a section 3 man page for the aa_features family of functions.
Additionally, update the in-code descriptions to match the descriptions
in the man page.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johanse@canonical.com>
Adjust the internal splitcon() function to strip a single trailing
newline character when the bool strip_newline argument is true.
aa_getprocattr_raw(2) needs to set strip_newline to true since the
kernel appends a newline character to the end of the AppArmor contexts
read from /proc/<PID>/attr/current.
aa_splitcon(3) also sets strip_newline to true since it is unknown
whether the context originated from a location that appends a newline
or not.
aa_getpeercon_raw(2) does not set strip_newline to true since it is
unexpected for the kernel to append a newline to the buffer returned
from getsockopt(2).
This patch also creates tests specifically for splitcon() and updates
the aa_splitcon(3) man page.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
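The splitting behaviour described in the commit above, as an added example that is not libapparmor's splitcon(): a hypothetical re-implementation that takes a raw confinement context of the form "label (mode)" or "label", strips at most one trailing newline when asked to, and splits it in place. Because the label and *mode both point into the caller's buffer, the caller frees that buffer once and never frees *mode; the sample contexts in main() are constructed, not captured from a kernel.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical re-implementation of the context splitting described above;
 * not libapparmor's splitcon(). A raw confinement context is "label (mode)"
 * or just "label", and the kernel appends one '\n' when it is read from
 * /proc/<PID>/attr/current. The split is done in place: the returned label
 * and *mode both point into con, so the caller frees con only, never *mode. */
char *split_context(char *con, bool strip_newline, char **mode)
{
    size_t len;

    if (mode)
        *mode = NULL;
    if (!con)
        return NULL;

    len = strlen(con);
    /* Strip at most one trailing newline; anything beyond that is left. */
    if (strip_newline && len > 0 && con[len - 1] == '\n')
        con[--len] = '\0';
    if (len == 0)
        return NULL;

    /* A mode is present only when the context ends in ')' and a " ("
     * separator precedes it; otherwise the whole string is the label. */
    if (con[len - 1] == ')') {
        for (size_t i = len - 1; i > 0; i--) {
            if (con[i] == '(' && con[i - 1] == ' ') {
                con[len - 1] = '\0';   /* drop the closing ')' */
                con[i - 1] = '\0';     /* terminate the label before " (" */
                if (mode)
                    *mode = &con[i + 1];
                break;
            }
        }
    }
    return con;
}

int main(void)
{
    /* Constructed samples: one as /proc would return it (newline appended),
     * one as getsockopt() would (no newline), one unconfined. */
    const char *samples[] = {
        "/usr/bin/evince (enforce)\n",
        "/usr/sbin/cupsd (complain)",
        "unconfined\n",
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *con = strdup(samples[i]);   /* the buffer the caller owns */
        char *mode;
        char *label;

        if (!con)
            return 1;
        label = split_context(con, true, &mode);
        printf("label=%s mode=%s\n", label ? label : "(none)",
               mode ? mode : "(none)");
        free(con);   /* label and mode alias con; freeing mode would be invalid */
    }
    return 0;
}
```

The newline handling mirrors the three callers in the commit: strip_newline is true for contexts read from /proc and for aa_splitcon(3), where the origin is unknown, and false for the getsockopt(2) path, where a trailing newline is not expected and is left in the label rather than silently removed.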
Create a new libapparmor public function that allows external code to
split an AppArmor confinement context.
This is immediately useful for code that retrieves a D-Bus peer's
AppArmor confinement context using the
org.freedesktop.DBus.GetConnectionCredentials bus method.
https://launchpad.net/bugs/1430532
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The correct usage of the terms context and label is not clear in the
aa_getcon(2) man page. The aa_getcon(2) family of functions are also
prototyped incorrectly since the *con parameter represents a label and
not a context.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Get rid of the relics in libapparmor's Makefile.am for generating
tarballs from svn, which is no longer relevant. Also clean generated
manpages during make clean rather than just make maintainer-clean.
This patch adds the --enable-man-pages option, defaulting to "yes", to
libapparmor's configure stage so that libapparmor can be built on
systems lacking Perl.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
The configure script fails if pod2man isn't available since PROG_POD2MAN
is called unconditionally so it is safe to split man page generation out
of the --with-perl configure option.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This patch adds a 'check_pod_files' make target to the common make
rules, and then fixes the errors it highlighted as well as most of
the warnings. It will cause 'make check' in most of the directories to
fail if there are errors in a pod file (but not if there are warnings).
Common issues were:
- using an '=over/=back' pair for code-like snippets that did not
contain any =items therein; the =over keyword is intended for
indenting lists of =item entries, and generates a warning if
there isn't any.
- not escaping '<' or '>'
- blank lines that contained spaces or tabs
The second -warnings flag passed to podchecker is to add additional
warnings, un-escaped '<' and '>' being one of them.
I did not fix all of the warnings in apparmor.d.pod, as I have not come
up with a good warning-free way to express the BNF of the language
similar in format to what is currently generated. The existing
libapparmor warnings (complaints about duplicate =item definition
names) are actually a result of passing the second -warnings flag.
The integration into libapparmor is suboptimal due to automake's
expectation that there will be a test driver program(s) for make check
targets; that's why I added the podchecker call to the manpage
generation point.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
---
changehat/mod_apparmor/Makefile | 3
changehat/mod_apparmor/mod_apparmor.pod | 28 ++-
common/Make.rules | 4
libraries/libapparmor/doc/Makefile.am | 7
parser/Makefile | 2
parser/apparmor.d.pod | 275 +++++++++++++-------------------
utils/Makefile | 3
utils/aa-cleanprof.pod | 2
utils/aa-complain.pod | 2
utils/aa-decode.pod | 2
utils/aa-easyprof.pod | 69 +++-----
utils/aa-enforce.pod | 2
utils/aa-genprof.pod | 2
utils/aa-logprof.pod | 6
utils/aa-sandbox.pod | 64 ++-----
utils/logprof.conf.pod | 2
utils/vim/Makefile | 2
17 files changed, 212 insertions(+), 263 deletions(-)
(The broken URLs were introduced in r1582.)
for utils/*.pod:
Acked-by: Steve Beattie <steve@nxnw.org>
for the other directories:
Patch by Steve Beattie
Acked-by: Christian Boltz <apparmor@cboltz.de>
The aa_getcon man page only implies that the *mode strings returned by
aa_getprocattr(), aa_gettaskcon(), aa_getcon(), and aa_getpeercon()
should not be freed. A developer using the man page to build against
libapparmor may miss that subtlety and end up hitting double free issues.
This patch makes the man page more clear, makes the function comments
more clear, and changes the aa_getprocattr() *buf param to *con. The use
of *buf should be reserved for the aa_get*_raw() functions that do not
allocate a buffer for the confinement context and all documents now
clearly mention that *con must be freed.
Additionally, this patch removes the line wrapping of the
aa_getprocattr_raw() prototype in the aa_getcon man page source. The
line wrapping caused incorrect formatting of the function prototype when
viewing the man page.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Add aa_getpeercon_raw() to the man page and adjust aa_getpeercon()
prototype to include the new mode parameter.
Also, explain the significance of ERANGE for aa_getpeercon_raw() and fix
a misspelling in the meaning of ERANGE.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
aa_getprocattr is returning the size of the buffer, not the size of the
data read that it is supposed to return. Also update the man page to
reflect the return value as documented in the functions, and update
the test cases to check the return value.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Steve Beattie <sbeattie@ubuntu.com>
From: Kees Cook <kees@ubuntu.com>
This is a trivial manpage fix that makes pod2man stop yelling at me.
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
From: Steve Beattie <sbeattie@ubuntu.com>
This patch adds --stderr to pod2man to make it report errors, as well as
fixes a few other minor text issues I noticed.
Acked-by: Kees Cook <kees@ubuntu.com>
This documentation should have been checked in as part of the patches
that added aa_is_confined and aa_get_con.
Signed-off-by: John Johansen <john.johansen@canonical.com>