mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update AppArmorFeatureABI

John Johansen 2020-07-05 07:43:54 +00:00
parent 73018ee397
commit 6b70797b4a
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
AppArmorFeatureABI.md

@ -145,10 +145,10 @@ The Policy DB state machine encodes binary support for a rule class in the targe
graph TD;
Start State -- Class File --> File State (read - file supported);
Start State -- Class Signal --> Signal State (no perms - Signal not supported);
Start State -- Class Network --> Network State (read - Network supported)
Start State -- Class Network --> Network State (read - Network supported);
File State -- / --> File Internal State;
Class Network -- subclass Unix --> Unix State (no perms - unix not supported)
Class Network -- subclass IPv4 --> IPv4 State (read - IPv4 supported)
Class Network -- subclass Unix --> Unix State (no perms - unix not supported);
Class Network -- subclass IPv4 --> IPv4 State (read - IPv4 supported);
```
This allows the kernel to detect whether the policy had supported a given rule class. The policy can be encoded to have the state transition even if the kernel does not support a given class, in which case the kernel will not know to query the class.