[apparmor] [PATCH 2/2] Add an example parser.conf file
Kees Cook
kees at ubuntu.com
Fri Oct 7 18:17:41 UTC 2011
I'd like to see the code that will parse this first...
On Fri, Oct 07, 2011 at 02:54:56AM -0700, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/Makefile | 1 +
> parser/apparmor-parser.spec.in | 1 +
> parser/parser.conf | 58 ++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 60 insertions(+), 0 deletions(-)
> create mode 100644 parser/parser.conf
>
> diff --git a/parser/Makefile b/parser/Makefile
> index a98fba8..92fe862 100644
> --- a/parser/Makefile
> +++ b/parser/Makefile
> @@ -288,6 +288,7 @@ install-arch: $(INSTALLDEPS)
> install-indep:
> install -m 755 -d $(INSTALL_CONFDIR)
> install -m 644 subdomain.conf $(INSTALL_CONFDIR)
> + install -m 644 parser.conf $(INSTALL_CONFDIR)
> install -m 755 -d ${DESTDIR}/var/lib/apparmor
> install -m 755 -d $(APPARMOR_BIN_PREFIX)
> install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
> diff --git a/parser/apparmor-parser.spec.in b/parser/apparmor-parser.spec.in
> index d16174f..59986bb 100644
> --- a/parser/apparmor-parser.spec.in
> +++ b/parser/apparmor-parser.spec.in
> @@ -103,6 +103,7 @@ make install DESTDIR=${RPM_BUILD_ROOT} \
> /etc/init.d/aaeventd
> %endif
> %config(noreplace) /etc/apparmor/subdomain.conf
> +%config(noreplace) /etc/apparmor/parser.conf
> /var/lib/apparmor
> %dir %attr(-, root, root) %{apparmor_bin_prefix}
> %{apparmor_bin_prefix}/rc.apparmor.functions
> diff --git a/parser/parser.conf b/parser/parser.conf
> new file mode 100644
> index 0000000..9cd2db7
> --- /dev/null
> +++ b/parser/parser.conf
> @@ -0,0 +1,58 @@
> +# parser.conf is a global AppArmor config file for the apparmor_parser
> +#
> +# It can be used to specify the default options for the parser, which
> +# can then be overriden by options passed on the command line.
> +#
> +# Leading whitespace is ignored and lines that begin with # are treated
> +# as comments.
> +#
> +# Config options are specified one per line using the same format as the
> +# longform command line options (without the preceding --).
> +#
> +# If a value is specified twice the last version to appear is used.
> +
> +## Suppress Warnings
> +#quiet
> +
> +## Be verbose
> +#verbose
> +
> +## Set include path
> +#Include /etc/apparmor.d/abstractions
> +
> +## Set location of apparmor filesystem
> +#subdomainfs /sys/kernel/security/apparmor
> +
> +## Set match-string to use - for forcing compiler to treat different kernels
> +## the same
> +# match-string "pattern=aadfa audit perms=crwxamlk/ user::other"
> +
> +## Turn creating/updating of the cache on by default
> +#write-cache
> +
> +## Show cache hits
> +#show-cache
> +
> +## skip cached policy
> +#skip-cache
> +
> +## skip reading cache but allow updating
> +#skip-read-cache
> +
> +
> +#### Set Optimizaions. Multiple Optimizations can be set, one per line ####
> +# For supported optimizations see
> +# apparmor_parser --help=O
> +
> +## Turn on equivalence classes
> +#equiv
> +
> +## Turn off expr tree simplification
> +#Optimize=no-expr-simplify
> +
> +## Turn off DFA minimization
> +#Optimize=no-minimize
> +
> +## Adjust compression
> +#Optimize=compress-small
> +#Optimize=compress-fast
> --
> 1.7.5.4
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Kees Cook
More information about the AppArmor
mailing list