On Tue, Feb 14, 2012 at 09:32:31AM -0800, John Johansen wrote: > Add the optional 'file' keyword to the language/grammer. The main reason > for doing this is to support false token injection. Which is needed > to move towards the parser being broken out into an api that can be > used to parse individual rule types, separate from parsing the whole file. > > Since we are adding the token to the grammar expose it to userspace with > the 'file' keyword. While not needed it helps bring consistency, as all > the other rule types start with a keyword (capability, network, rlimit, ...). > > Also allow the bare keyword to be used to represent allowing all file > operations, just as with network and capability. Domain transitions are > defaulted to ix. Thus > > file, > > is equivalent to > > /** rwlkmix, > > Signed-off-by: John Johansen <[email protected]>
Oh, very cool. I like this. :) Acked-by: Kees Cook <[email protected]> -- Kees Cook -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
