mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update AppArmorFeatureABI

John Johansen 2020-07-05 08:55:36 +00:00
parent 3fbbfb366f
commit be6cb0be2f
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
AppArmorFeatureABI.md

@ -150,9 +150,15 @@ graph LR;
N(Network State: read perm<br> Network supported) --> |subclass Unix| U([Unix State: no perms<br> unix not supported]);
N --> |subclass IPv4| I(IPv4 State: read perms<br>IPv4 supported);
I --> |Address Family| ipv4(Internal IPv4 State);
Fi --> Y1[...];
Fi --> Y2[...];
Fi --> Y3[...];
Fi --> Y4[...];
Fi --> Y5[...];
ipv4 --> X1[...];
ipv4 --> X2[...];
ipv4 --> X3[...];
ipv4 --> X4[...];
```
This allows the kernel to detect whether the policy had supported a given rule class. The policy can be encoded to have the state transition even if the kernel does not support a given class, in which case the kernel will not know to query the class.