[apparmor] [PATCH] update man page for recent mount rule additions

Steve Beattie steve at nxnw.org
Wed Apr 11 04:04:00 UTC 2012


On Tue, Apr 10, 2012 at 05:06:59PM -0500, Jamie Strandboge wrote:
> Attached is an updated patch. It adds some language to "2. If a
> conditional is specified using 'in'..." and "KNOWN BUGS".
> @@ -328,6 +355,248 @@
>   network inet tcp,	#allow access to tcp only for inet4 addresses
>   network inet6 tcp,	#allow access to tcp only for inet6 addresses
>  
> +=head2 Mount Rules
> +
> +AppArmor supports mount mediation and allows specifying filesystem types and
> +mount flags. The syntax of mount rules in AppArmor is based on mount rule
> +syntax. Mount rules must contain one of the mount, remount, umount or
> +pivot_root keywords, but all mount conditions are optional. Unspecified
> +optional conditionals are assumed to match all entries (eg, not specifying
> +fstype means all fstypes are matched). Due to the complexity of the mount
> +command and how options may be specified, AppArmor allows specifying
> +conditionals two different ways:
> +
> +=item 1.
> +
> +If a conditional is specified using '=', then the rule only grants permission
> +for mounts matching the exactly specified options. For example, an AppArmor
> +policy with the following rule:
> +
> +=over 4
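Review bot: The sentence "The syntax of mount rules in AppArmor is based on mount rule syntax" in the new Mount Rules section is circular and does not say where the syntax comes from. The sentences after it refer to the mount command, so it presumably means that command's syntax and should name it. In the same paragraph, "eg" would read better as "e.g.".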

So, back when I fixed the Makefile in libraries/libapparmor/doc to add
--stderr to pod2man, I forgot to do it for the rest of the locations
where manpages are generated, such as in the parser directory and
apparmor.d.5, which masks the error message that the =item section
occurs outside of an =over section (it gets added as a section to the
bottom of the manpage).

Attached is a patch to add --stderr to the common rules for generating
manpages (and adjust it so that it's one rule instead of eight). It
also fixes the above problem and a similar problem in the aa-exec
manpage.  It doesn't look like pod2html supports such an option, so
I didn't adjust the rules for generating that, and I couldn't find an
option to pod2man to turn emitting anything to stderr into an error,
much to Christian's disappointment, I'm sure.

---
 common/Make.rules     |   25 ++-----------------------
 parser/apparmor.d.pod |    2 ++
 utils/aa-exec.pod     |    2 ++
 3 files changed, 6 insertions(+), 23 deletions(-)

Index: b/common/Make.rules
===================================================================
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -206,29 +206,8 @@ install_manpages: $(MANPAGES)
 
 MAN_RELEASE="AppArmor ${VERSION}"
 
-%.1: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=1 > $@
-
-%.2: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=2 > $@
-
-%.3: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=3 > $@
-
-%.4: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=4 > $@
-
-%.5: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=5 > $@
-
-%.6: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=6 > $@
-
-%.7: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=7 > $@
-
-%.8: %.pod
-	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --section=8 > $@
+%.1 %.2 %.3 %.4 %.5 %.6 %.7 %.8: %.pod
+	$(POD2MAN) $< --release=$(MAN_RELEASE) --center=AppArmor --stderr --section=$(subst .,,$(suffix $@)) > $@
 
 %.1.html: %.pod
 	$(POD2HTML) --header --css apparmor.css --infile=$< --outfile=$@
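Review bot: Merging the eight rules into "%.1 %.2 %.3 %.4 %.5 %.6 %.7 %.8: %.pod" is not a pure refactor. GNU make treats a pattern rule with several target patterns as one recipe run that produces all of them, so after building foo.5 it also considers foo.1 through foo.8 made. That is harmless only while no .pod is built into more than one section in the same run, and a comment above the rule should state that assumption. Separately, "> $@" still creates the target when pod2man reports a problem, so the diagnostics that --stderr now exposes do not fail the build or remove the bad output file.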
Index: b/parser/apparmor.d.pod
===================================================================
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -366,6 +366,8 @@ fstype means all fstypes are matched). D
 command and how options may be specified, AppArmor allows specifying
 conditionals two different ways:
 
+=over 4
+
 =item 1.
 
 If a conditional is specified using '=', then the rule only grants permission
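Review bot: The added "=over 4" before "=item 1." has no matching "=back" in this patch. The diffstat shows only two inserted lines for parser/apparmor.d.pod, and both are in this hunk. Please confirm that a "=back" already closes the numbered list after its last item. If it does not, this change replaces the "=item outside =over" message with an unterminated list. The description should say which "=back" pairs with the new "=over".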
Index: b/utils/aa-exec.pod
===================================================================
--- a/utils/aa-exec.pod
+++ b/utils/aa-exec.pod
@@ -82,6 +82,8 @@ arguments after the -- are treated as ar
 useful when passing arguments to the I<E<lt>commandE<gt>> being invoked by
 aa-exec.
 
+=back
+
 =head1 BUGS
 
 If you find any bugs, please report them at
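Review bot: The "=back" added before "=head1 BUGS" closes a list whose "=over" lies outside the hunk, so the pairing cannot be checked from the visible context; the description should name the list it terminates. Since pod2man has no option to fail on these mistakes, running podchecker over the .pod files in the build or check target would catch "=item without previous =over" and "=over without closing =back" as errors with a non-zero exit, rather than relying on someone reading stderr.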


-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/