Hello, $subject. I already did this in the python code a month ago, and now realized that we should also update the apparmor.d manpage ;-)
As a sidenote - would it be over-engeneered to use something like
B<DOMAIN> = @@NETWORK_DOMAIN_KEYWORDS@@
and then have a script that adjusts it (based on kernel features and/or
the python code)?
I propose this patch for trunk and 2.10.
(not for 2.9 because the 2.9 apparmor.d manpage is completely out of sync)
[ apparmor.d-network-kcm.diff ]
=== modified file 'parser/apparmor.d.pod'
--- parser/apparmor.d.pod 2016-06-01 20:55:14 +0000
+++ parser/apparmor.d.pod 2016-10-13 19:12:33 +0000
@@ -105,7 +105,7 @@
B<NETWORK RULE> = [ I<QUALIFIERS> ] 'network' [ I<DOMAIN> ] [ I<TYPE> |
I<PROTOCOL> ]
-B<DOMAIN> = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' |
'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet'
| 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' |
'bluetooth' | 'netlink' | 'unix' | 'rds' | 'llc' | 'can' | 'tipc' | 'iucv' |
'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' |
'mpls' | 'ib' ) ','
+B<DOMAIN> = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' |
'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'packet'
| 'ash' | 'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' | 'wanpipe' |
'bluetooth' | 'netlink' | 'unix' | 'rds' | 'llc' | 'can' | 'tipc' | 'iucv' |
'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' |
'mpls' | 'ib' | 'kcm' ) ','
B<TYPE> = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )
Regards,
Christian Boltz
--
Your mail is 7 pages of printout. Do you seriously expect people that do
openSUSE in their free time to read that? Little less Castro, little
more JFK... [Stephan Kulow in opensuse-project]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
