[apparmor] [PATCH 2/2] Add an example parser.conf file

John Johansen john.johansen at canonical.com
Fri Oct 7 18:34:25 UTC 2011


On 10/07/2011 11:17 AM, Kees Cook wrote:
> I'd like to see the code that will parse this first...

See commit r1769

It adds a little front end to the arg parsing code and shares that


> 
> On Fri, Oct 07, 2011 at 02:54:56AM -0700, John Johansen wrote:
>> Signed-off-by: John Johansen <john.johansen at canonical.com>
>> ---
>>  parser/Makefile                |    1 +
>>  parser/apparmor-parser.spec.in |    1 +
>>  parser/parser.conf             |   58 ++++++++++++++++++++++++++++++++++++++++
>>  3 files changed, 60 insertions(+), 0 deletions(-)
>>  create mode 100644 parser/parser.conf
>>
>> diff --git a/parser/Makefile b/parser/Makefile
>> index a98fba8..92fe862 100644
>> --- a/parser/Makefile
>> +++ b/parser/Makefile
>> @@ -288,6 +288,7 @@ install-arch: $(INSTALLDEPS)
>>  install-indep:
>>  	install -m 755 -d $(INSTALL_CONFDIR)
>>  	install -m 644 subdomain.conf $(INSTALL_CONFDIR)
>> +	install -m 644 parser.conf $(INSTALL_CONFDIR)
>>  	install -m 755 -d ${DESTDIR}/var/lib/apparmor
>>  	install -m 755 -d $(APPARMOR_BIN_PREFIX)
>>  	install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
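Review bot: The added `install -m 644 parser.conf $(INSTALL_CONFDIR)` line overwrites any existing parser.conf on a direct `make install`, while the spec file in this same patch marks the file `%config(noreplace)`. Because this file sets the parser's global defaults, an administrator's local settings would be silently reset whenever the install runs outside RPM packaging; the neighbouring subdomain.conf line behaves the same way. One option is to skip the copy when the destination already exists, e.g. `test -e $(INSTALL_CONFDIR)/parser.conf || install -m 644 parser.conf $(INSTALL_CONFDIR)`. The install-indep recipe continues past the end of the hunk.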
>> diff --git a/parser/apparmor-parser.spec.in b/parser/apparmor-parser.spec.in
>> index d16174f..59986bb 100644
>> --- a/parser/apparmor-parser.spec.in
>> +++ b/parser/apparmor-parser.spec.in
>> @@ -103,6 +103,7 @@ make install DESTDIR=${RPM_BUILD_ROOT} \
>>    /etc/init.d/aaeventd
>>  %endif
>>  %config(noreplace) /etc/apparmor/subdomain.conf
>> +%config(noreplace) /etc/apparmor/parser.conf
>>  /var/lib/apparmor
>>  %dir %attr(-, root, root) %{apparmor_bin_prefix}
>>  %{apparmor_bin_prefix}/rc.apparmor.functions
>> diff --git a/parser/parser.conf b/parser/parser.conf
>> new file mode 100644
>> index 0000000..9cd2db7
>> --- /dev/null
>> +++ b/parser/parser.conf
>> @@ -0,0 +1,58 @@
>> +# parser.conf is a global AppArmor config file for the apparmor_parser
>> +#
>> +# It can be used to specify the default options for the parser, which
>> +# can then be overriden by options passed on the command line.
>> +#
>> +# Leading whitespace is ignored and lines that begin with # are treated
>> +# as comments.
>> +#
>> +# Config options are specified one per line using the same format as the
>> +# longform command line options (without the preceding --).
>> +#
>> +# If a value is specified twice the last version to appear is used.
>> +
>> +## Suppress Warnings
>> +#quiet
>> +
>> +## Be verbose
>> +#verbose
>> +
>> +## Set include path
>> +#Include /etc/apparmor.d/abstractions
>> +
>> +## Set location of apparmor filesystem
>> +#subdomainfs /sys/kernel/security/apparmor
>> +
>> +## Set match-string to use - for forcing compiler to treat different kernels
>> +## the same
>> +# match-string "pattern=aadfa audit perms=crwxamlk/ user::other"
>> +
>> +## Turn creating/updating of the cache on by default
>> +#write-cache
>> +
>> +## Show cache hits
>> +#show-cache
>> +
>> +## skip cached policy
>> +#skip-cache
>> +
>> +## skip reading cache but allow updating
>> +#skip-read-cache
>> +
>> +
>> +#### Set Optimizaions.  Multiple Optimizations can be set, one per line ####
>> +# For supported optimizations see
>> +#   apparmor_parser --help=O
>> +
>> +## Turn on equivalence classes
>> +#equiv
>> +
>> +## Turn off expr tree simplification
>> +#Optimize=no-expr-simplify
>> +
>> +## Turn off DFA minimization
>> +#Optimize=no-minimize
>> +
>> +## Adjust compression
>> +#Optimize=compress-small
>> +#Optimize=compress-fast
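Review bot: The header comment says options use the long-form command-line format but never says how a value is attached, and the examples mix `subdomainfs /sys/kernel/security/apparmor` (space) with `Optimize=no-minimize` (`=`); a line such as `# Options that take a value are written as "name value" or "name=value".` would settle it, assuming the parser accepts both forms. `#equiv` sits under the optimizations heading without the `Optimize=` prefix the other entries use, so it is worth confirming that it is valid as a standalone option. The `match-string` example would benefit from a caveat that uncommenting it makes every parser run compile against that fixed string rather than what the running kernel reports, which is how I read "treat different kernels the same". Also fix the typos `overriden` and `Optimizaions`, and drop the stray space in `# match-string` so it matches the other commented-out options.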
>> -- 
>> 1.7.5.4
>>
>>



