[apparmor] [PATCH] parser: Document that pivot_root arguments must end in '/'
Tyler Hicks
tyhicks at canonical.com
Fri May 2 17:46:51 UTC 2014
Mention, in the apparmor.d man page, that pivot_root arguments must end
with a '/' character since they are directories.
The parser currently allows pivot_root arguments that do not end in '/',
but those rules will always fail to match.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Cc: Jamie Strandboge <jamie at canonical.com>
---
Jamie asked for a mention in the man page that pivot_root arguments must end in
'/'. (see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1305244/comments/7)
Additionally, Jamie mentioned that the variable expansion issue (see
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1305244/comments/3)
should possibly be documented in the pivot_root section. I didn't add anything
about variable expansion in this patch because, AFAIU, it isn't specific to
pivot_root rules. This is a variable expansion bug that affects all rule types
and should simply be fixed.
parser/apparmor.d.pod | 3 +++
1 file changed, 3 insertions(+)
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
index dd1e6ff..141db36 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -668,6 +668,9 @@ AppArmor 'pivot_root' rules can specify a profile transition to occur during
the pivot_root(2) system call. Note that AppArmor will only transition the
process calling pivot_root(2) to the new profile.
+The paths specified in 'pivot_root' rules must end with '/' since they are
+directories.
+
Here are some example 'pivot_root' rules:
# Allow any pivot
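Review bot: the added sentence after the profile-transition paragraph says the paths "must end with '/'" but does not say what happens when they do not. The commit message states that the parser accepts such arguments and that those rules always fail to match, which is the detail a profile author needs when a pivot_root rule silently has no effect. Suggest extending the text with that consequence, for example "Rules whose paths do not end with '/' are accepted by the parser but will never match." A parser warning or error for such arguments would also be worth a follow-up, since documentation alone leaves the failure silent.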
--
1.9.1