On 2015-05-29 01:39:14, John Johansen wrote: > Signed-off-by: John Johansen <[email protected]> > --- > libraries/libapparmor/doc/aa_query_label.pod | 107 > +++++++++++++++++++++++++++ > 1 file changed, 107 insertions(+) > create mode 100644 libraries/libapparmor/doc/aa_query_label.pod > > diff --git a/libraries/libapparmor/doc/aa_query_label.pod > b/libraries/libapparmor/doc/aa_query_label.pod > new file mode 100644 > index 0000000..9aa563a > --- /dev/null > +++ b/libraries/libapparmor/doc/aa_query_label.pod 
> @@ -0,0 +1,107 @@ > +# This publication is intellectual property of Canonical Ltd. Its contents > +# can be duplicated, either in part or in whole, provided that a copyright > +# label is visibly located on each copy. > +# > +# All information found in this book has been compiled with utmost > +# attention to detail. However, this does not guarantee complete accuracy. > +# Neither Canonical Ltd, the authors, nor the translators shall be held > +# liable for possible errors or the consequences thereof. > +# > +# Many of the software and hardware descriptions cited in this book > +# are registered trademarks. All trade names are subject to copyright > +# restrictions and may be registered trade marks. Canonical Ltd. > +# essentially adhere to the manufacturer's spelling. > +# > +# Names of products and trademarks appearing in this book (with or without > +# specific notation) are likewise subject to trademark and trade protection > +# laws and may thus fall under copyright restrictions. > +# > + > + > +=pod > + > +=head1 NAME > + > +aa_query_label - query access permission associated with a label > + > +=head1 SYNOPSIS > + > +B<#include E<lt>sys/apparmor.hE<gt>> > + > +B<int aa_query_label((uint32_t mask, char *query, size_t size, int *allowed, > + int *audited);> > + > +Link with B<-lapparmor> when compiling. > + > +=head1 DESCRIPTION > + > +The aa_query_label function fetches the current permissions granted by the > +specified I<label> in the I<query> string. > + > +The query is a raw binary formated query, containing the label and > +permission query to make. The returned I<allowed> and I<audited> values are > +interpreted boolean values, simple stating whether the query is allowed and > +if it is audited. > + > +The mask of the query string is a bit mask of permissions to query and is > +class type dependent (see AA_CLASS_xxx) entries in I<sys/apparmor.h>. 
> + > +The format of the query string is also dependent on the B<AA_CLASS> and as > +such the the aa_query_xxx helper functions should be usually be used instead > +of directly using I<aa_query_label>. If directly using the interface the > +I<query> string is required to have a header of B<AA_QUERY_CMD_LABEL_SIZE> > +that will be used by I<aa_query_label>. > + > +=head1 RETURN VALUE > + > +On success 0 is returned, and the I<allowed> and I<audited> parameters > +contain a boolean value of 0 not allowed/audited or 1 allowed/audited. On > +error, -1 is returned, and errno(3) is set appropriately. > + > +=head1 ERRORS > + > +=over 4 > + > +=item B<EINVAL> > + > +The requested I<mask> is empty. > + > +The I<size> of the query is E<lt> the query B<AA_QUER?Y_CMD_LABEL_SIZE> > + > +The apparmor kernel module is not loaded or the he kernel interface access > +interface is not available > + > +=item B<ENOMEM> > + > +Insufficient memory was available. > + > +=item B<EACCES> > + > +Access to the specified I<label> or query interface was denied. > + > +=item B<ENOENT> > + > +The specified I<label> does not exist or is not visible. > + > +=item B<ERANGE> > + > +The confinement data is too large to fit in the supplied buffer. > + > +=back > + > +=head1 NOTES > + > +The label permissions returned are only valid for the time of the > +query and can change at any point in the future. > + > +=head1 BUGS > + > +None known. If you find any, please report them at > +L<https://bugs.launchpad.net/apparmor/+filebug>. > + > +=head1 SEE ALSO > + > +apparmor(7), apparmor.d(5), apparmor_parser(8), aa_get_con(2), > aa_split_con(2) > +and L<http://wiki.apparmor.net>.
* "aa_get_con(2)" should be "aa_getcon(2)" - underscore removal * "aa_split_con(2)" should be "aa_splitcon(3)" - underscore removal - section correction With those changes plus the ones suggested by cboltz, Acked-by: Tyler Hicks <[email protected]> Tyler > + > +=cut > -- > 2.1.4 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor
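Review bot: The SYNOPSIS prototype has a doubled opening parenthesis ("aa_query_label((uint32_t mask, ...") and will not read as a valid declaration; drop one. In ERRORS, the EINVAL entry spells the constant "AA_QUER?Y_CMD_LABEL_SIZE" with a stray "?"; it should match the B<AA_QUERY_CMD_LABEL_SIZE> used in DESCRIPTION. The ERANGE entry refers to a "supplied buffer", but the prototype shown has no output buffer, only int *allowed and int *audited, so either say which buffer is meant or drop the entry. DESCRIPTION also never states what I<size> covers (for instance, whether it includes the AA_QUERY_CMD_LABEL_SIZE header), which callers building the query by hand need to know to avoid the EINVAL case listed below it. Minor wording in the same hunk: "formated", "simple stating", "the the", "should be usually be used", "the he kernel interface access interface".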
