mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser/apparmor_parser.pod
John Johansen cd79c1ac77 update copyright dates
2007-04-11 08:12:51 +00:00

111 lines
3.2 KiB
Text
Raw Blame History

# $Id$
# ----------------------------------------------------------------------
# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
# NOVELL (All rights reserved)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, contact Novell, Inc.
# ----------------------------------------------------------------------
=pod
=head1 NAME
apparmor_parser - loads AppArmor profiles into the kernel
=head1 SYNOPSIS
B<apparmor_parser [-adrR] [--add] [--debug] [--replace] [--remove]
[--preprocess] [--Include n] [--base n] [ --Complain ]>
B<apparmor_parser [-hv] [--help] [--version]>
=head1 DESCRIPTION
B<apparmor_parser> is used to import new apparmor.d(5) profiles
into the Linux kernel. The profiles restrict the operations available
to processes by executable name.
The profiles are loaded into the Linux kernel by the B<apparmor_parser>
program, which takes its input from standard input. The input supplied to
B<apparmor_parser> should be in the format described in apparmor.d(5).
=head1 OPTIONS
=over 4
=item -a, --add
Insert the AppArmor definitions given into the kernel. This is the default
action. This gives an error message if a AppArmor definition by the same
name already exists in the kernel, or if the parser doesn't understand
its input. It reports when an addition succeeded.
=item -r, --replace
This flag is required if an AppArmor definition by the same name already
exists in the kernel; used to replace the definition already
in the kernel with the definition given on standard input.
=item -R, --remove
This flag is used to remove an AppArmor definition already in the kernel.
Note that it still requires a complete AppArmor definition as described
in apparmor.d(5) even though the contents of the definition aren't
used.
=item -p, --preprocess
Parse the profile(s) and process include directives and output the
result to stdout.
=item -I n, --Include n
Add element n to the search path when resolving #include directives
defined as an absolute paths.
=item -b n, --base n
Set the base directory for resolving #include directives
defined as relative paths.
=item -C, --Complain
Load the profile in complain mode.
=item -h, --help
Give a quick reference guide.
=item -v, --version
Print the version number and exit.
=item -d, --debug
Given once, only checks the profiles to ensure syntactic correctness.
Given twice, dumps its interpretation of the profile for checking.
=back
=head1 BUGS
None known. If you find any, please report them to bugzilla at
L<http://bugzilla.novell.com>.
=head1 SEE ALSO
apparmor(7), apparmor.d(5), subdomain.conf(5), change_hat(2), and
L<http://forge.novell.com/modules/xfmod/project/?apparmor>.
=cut
Reference in a new issue View git blame Copy permalink