[apparmor] [PATCH 2/7] Update exec transition documentation.
Christian Boltz
apparmor at cboltz.de
Sat Mar 21 12:31:11 UTC 2015
Hello,
On Saturday, 21 March 2015, John Johansen wrote:
> Add missing ix and ux fallback permission modes, named profile
> transitions. Also fix the file access modes and rule pattern to
> properly reflect what is allowed.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/apparmor.d.pod | 98
> ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed,
> 89 insertions(+), 9 deletions(-)
>
> diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
> index ebc6490..5c97896 100644
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> @@ -195,11 +195,15 @@ B<UNIX ATTR COND> 'attr' '=' ( I<AARE> | '(' '"'
> I<AARE> '"' | I<AARE> ')' )
>
> B<UNIX OPT COND> 'opt' '=' ( I<AARE> | '(' '"' I<AARE> '"' | I<AARE>
> ')' )
>
> -B<FILE RULE> = [ I<QUALIFIERS> ] [ 'owner' ] ( '"' I<FILEGLOB> '"' |
> I<FILEGLOB> ) I<ACCESS> ',' +B<FILE RULE> = [ I<QUALIFIERS> ] [
> 'owner' ] [ 'file' ] ( '"' I<FILEGLOB> '"' | I<FILEGLOB> ) I<ACCESS>
> [ -E<gt> <EXEC TARGET> ] ','
>
> B<FILEGLOB> = (must start with '/' (after variable expansion),
> B<AARE> have special meanings; see below. May include I<VARIABLE>.
> Rules with embedded spaces or tabs must be quoted. Rules must end
> with '/' to apply to directories.)
>
> -B<ACCESS> = ( 'r' | 'w' | 'l' | 'ix' | 'ux' | 'Ux' | 'px' | 'Px' |
> 'cx -E<gt> ' I<PROGRAMCHILD> | 'Cx -E<gt> ' I<PROGRAMCHILD> | 'm' ) [
> I<ACCESS> ... ] (not all combinations are allowed; see below.)
> +B<ACCESS> = ( 'r' | 'w' | 'a' | 'l' | 'k' | 'm' | I<EXEC TRANSITION>
> )+ (not all combinations are allowed; see below.)
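Review bot: In the added FILE RULE production the exec target is written as a bare <EXEC TARGET>, while every other nonterminal on that line uses I<...> markup (I<QUALIFIERS>, I<FILEGLOB>, I<ACCESS>); write it as I<EXEC TARGET> so it renders the same way as the rest. As written, the production also accepts the optional "-E<gt> <EXEC TARGET>" after any I<ACCESS>, including plain 'r' or 'w'. If a target is only meaningful together with an I<EXEC TRANSITION>, tie it to that alternative in the grammar or mention the restriction next to the "(not all combinations are allowed; see below.)" remark on B<ACCESS>.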
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
> In this context I would like to ask our list owner why
> there is no Bible on the SuSE CDs. *runs away* SCNR
Is it under the GPL, then? *SCNRtoo*
[> Bernd Brodesser and Michael Raab in suse-linux]