[apparmor] [PATCH] parser: Document that pivot_root arguments must end in '/'
Seth Arnold
seth.arnold at canonical.com
Fri May 2 18:02:50 UTC 2014
On Fri, May 02, 2014 at 12:46:51PM -0500, Tyler Hicks wrote:
> Mention, in the apparmor.d man page, that pivot_root arguments must end
> with a '/' character since they are directories.
>
> The parser currently allows pivot_root arguments that do not end in '/',
> but those rules will always fail to match.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Cc: Jamie Strandboge <jamie at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Thanks
> ---
>
> Jamie asked for a mention in the man page that pivot_root arguments must end in
> '/'. (see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1305244/comments/7)
>
> Additionally, Jamie mentioned that the variable expansion issue (see
> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1305244/comments/3)
> should possibly be documented in the pivot_root section. I didn't add anything
> about variable expansion in this patch because, AFAIU, it isn't specific to
> pivot_root rules. This is a variable expansion bug that affects all rule types
> and should simply be fixed.
>
> parser/apparmor.d.pod | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index dd1e6ff..141db36 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -668,6 +668,9 @@ AppArmor 'pivot_root' rules can specify a profile transition to occur during
> the pivot_root(2) system call. Note that AppArmor will only transition the
> process calling pivot_root(2) to the new profile.
>
> +The paths specified in 'pivot_root' rules must end with '/' since they are
> +directories.
> +
> Here are some example 'pivot_root' rules:
>
> # Allow any pivot
> --
> 1.9.1
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140502/9da2754f/attachment.pgp>
More information about the AppArmor
mailing list