On Wed, Nov 16, 2016 at 07:45:03PM +0100, Christian Boltz wrote: > Hello, > > The apparmor.d description about alias rules was broken in multiple > ways. The manpage > - didn't include the alias keyword > - listed alias rules in the "COMMA RULES" section - while that's correct > for the comma requirement, it's also wrong because COMMA RULES is > meant to be inside a profile > - didn't list alias rules in the PREAMBLE section > > This patch fixes this. > > It also moves the definition of VARIABLE, VARIABLE ASSIGNMENT (both > unchanged) and ALIAS RULE next to PREAMBLE. > > > I propose this patch for trunk and 2.10.
Acked for both, Acked-by: Seth Arnold <[email protected]> Thanks > > The patch doesn't apply cleanly on the 2.9 apparmor.d manpage, and > people still using 2.9 probably found out in the meantime how things > work ;-) > > > [ apparmor.d.pod-alias.diff ] > > === modified file 'parser/apparmor.d.pod' > --- parser/apparmor.d.pod 2016-10-14 18:32:48 +0000 > +++ parser/apparmor.d.pod 2016-11-16 18:42:50 +0000 > @@ -46,8 +46,14 @@ > > B<PROFILE FILE> = ( [ I<PREAMBLE> ] [ I<PROFILE> ] )* > > -B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<INCLUDE> )* > - Variable assignment must come before the profile. > +B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<ALIAS RULE> | > I<INCLUDE> )* > + Variable assignment and alias rules must come before the profile. > + > +B<VARIABLE ASSIGNMENT> = I<VARIABLE> ('=' | '+=') (space separated values) > + > +B<VARIABLE> = '@{' I<ALPHA> [ ( I<ALPHANUMERIC> | '_' ) ... ] '}' > + > +B<ALIAS RULE> = 'alias' I<ABS PATH> '-E<gt>' I<REWRITTEN ABS PATH> ',' > > B<INCLUDE> = '#include' ( I<ABS PATH> | I<MAGIC PATH> ) > > @@ -80,7 +86,7 @@ > > B<LINE RULES> = ( I<COMMENT> | I<INCLUDE> ) [ '\r' ] '\n' > > -B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | > I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> | > I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<ALIAS RULE> | I<DBUS RULE> ) > +B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | > I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> | > I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<DBUS RULE> ) > > B<BLOCK RULES> = ( I<SUBPROFILE> | I<HAT> | I<QUALIFIER BLOCK> ) > > @@ -267,12 +273,6 @@ > > B<LINK RULE> = I<QUALIFIERS> [ 'owner' ] 'link' [ 'subset' ] I<FILEGLOB> ( > 'to' | '-E<gt>' ) I<FILEGLOB> > > -B<VARIABLE> = '@{' I<ALPHA> [ ( I<ALPHANUMERIC> | '_' ) ... ] '}' > - > -B<VARIABLE ASSIGNMENT> = I<VARIABLE> ('=' | '+=') (space separated values) > - > -B<ALIAS RULE> = I<ABS PATH> '-E<gt>' I<REWRITTEN ABS PATH> > - > B<ALPHA> = ('a', 'b', 'c', ... 'z', 'A', 'B', ... 'Z') > > B<ALPHANUMERIC> = ('0', '1', '2', ... '9', 'a', 'b', 'c', ... 'z', 'A', 'B', > ... 'Z') > > >
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
