mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-07 01:41:00 +01:00
fb510f8d5b
The apparmor_api abstractions make the mistake of including tunables
directly, which is a no-no since the variable definitions in tunables
need to occur in the preamble of a profile, not embedded within it.
This patch removes those includes, and replaces them documentation of
tunables are necessary, as some of the expected ones are not part of
tunables/global.
It also adjust the kernelvars tunable's definition of the @{pid}
regex, as the current parser does not support nesting of {} groupings,
which breaks any profile that attempts to use the tunable.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
22 lines
792 B
Text
22 lines
792 B
Text
# Copyright (C) 2012 Canonical Ltd.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
# This file should contain declarations to kernel vars or variables
|
|
# that will become kernel vars at some point
|
|
|
|
# until kernel vars are implemented
|
|
# and until the parser supports nested groupings like
|
|
# @{pid}=[1-9]{[0-9]{[0-9]{[0-9]{[0-9]{[0-9],},},},},}
|
|
# use
|
|
@{pid}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]}
|
|
|
|
#same pattern as @{pid} for now
|
|
@{tid}=@{pid}
|
|
|
|
#A pattern for pids that can appear
|
|
@{pids}=@{pid}
|