mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
10529a6db7
This reverts commit 460c3d5b59.
The 4.0 ABI was pinned for the development cycle but it can cause
in-tree uses of parser/parser.conf to fail if it cannot find the 4.0
file in /etc/apparmor.d/abi/.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
79 lines
2.2 KiB
Text
79 lines
2.2 KiB
Text
# parser.conf is a global AppArmor config file for the apparmor_parser
|
|
#
|
|
# It can be used to specify the default options for the parser, which
|
|
# can then be overridden by options passed on the command line.
|
|
#
|
|
# Leading whitespace is ignored and lines that begin with # are treated
|
|
# as comments.
|
|
#
|
|
# Config options are specified one per line using the same format as the
|
|
# longform command line options (without the preceding --).
|
|
#
|
|
# If a value is specified twice the last version to appear is used.
|
|
|
|
## Suppress Warnings
|
|
#quiet
|
|
|
|
## Be verbose
|
|
#verbose
|
|
|
|
## Set additional include path
|
|
#Include /etc/apparmor.d/
|
|
# or
|
|
#Include /usr/share/apparmor
|
|
|
|
|
|
## Set location of apparmor filesystem
|
|
#subdomainfs /sys/kernel/security/apparmor
|
|
|
|
## Set match-string to use - for forcing compiler to treat different kernels
|
|
## the same
|
|
# match-string "pattern=aadfa audit perms=crwxamlk/ user::other"
|
|
|
|
## Turn creating/updating of the cache on by default
|
|
#write-cache
|
|
|
|
## Show cache hits
|
|
#show-cache
|
|
|
|
## skip cached policy
|
|
#skip-cache
|
|
|
|
## skip reading cache but allow updating
|
|
#skip-read-cache
|
|
|
|
|
|
#### Set Optimizations. Multiple Optimizations can be set, one per line ####
|
|
# For supported optimizations see
|
|
# apparmor_parser --help=O
|
|
|
|
## Turn on equivalence classes
|
|
#equiv
|
|
|
|
## Turn off expr tree simplification
|
|
#Optimize=no-expr-simplify
|
|
|
|
## Turn off DFA minimization
|
|
#Optimize=no-minimize
|
|
|
|
## Adjust compression
|
|
#Optimize=compress-small
|
|
#Optimize=compress-fast
|
|
|
|
### The policy-features abi rule pins policy that does not have an abi
|
|
### rule to a given feature ABI. This enables apparmor 2.x developed
|
|
### policy to be used in AppArmor 3.x without the warning
|
|
### Warning from stdin (stdin line 1): apparmor_parser: File 'example'
|
|
### missing feature abi, falling back to default policy feature abi.
|
|
### For more info please see
|
|
### https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorpolicyfeaturesabi
|
|
|
|
### Turn off abi rule warnings without pinning the abi
|
|
#warn=no-abi
|
|
|
|
### Only a single feature ABI rule should be used at a time.
|
|
## Pin older policy to the 5.4 kernel abi
|
|
#policy-features=/etc/apparmor.d/abi/kernel-5.4-vanilla
|
|
|
|
## Pin older policy to the 5.4 kernel abi + out of tree network and af_unix
|
|
#policy-features=/etc/apparmor.d/abi/kernel-5.4-outoftree-network
|