[apparmor] [PATCH 1/2] apparmor.d.pod: create RULES grouping and cleanup profile PROFILE rule
John Johansen
john.johansen at canonical.com
Tue Mar 24 11:11:45 UTC 2015
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/apparmor.d.pod | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
index 817a31b..51a8284 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -54,7 +54,15 @@ B<COMMENT> = '#' I<TEXT>
B<TEXT> = any characters
-B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"' I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' [ ( I<RESOURCE RULE> | I<COMMENT> | I<INCLUDE> | I<SUBPROFILE> | I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<DBUS RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> | I<CHANGE_PROFILE RULE> | I<RLIMIT RULE>) ... ] '}'
+B<PROFILE> = [ I<COMMENT> ... ] [ I<VARIABLE ASSIGNMENT> ... ] ( '"' I<PROGRAM> '"' | I<PROGRAM> ) [ 'flags=(complain)' ]'{' ( I<RULES> )* '}'
+
+B<RULES> = [ ( I<COMMENT> | I<LINE RULES> [ '\r' ] '\n' | I<COMMA RULES> ',' | I<BLOCK RULES> )
+
+B<LINE RULES> = ( I<COMMENT> | I<INCLUDE> )
+
+B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> | I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<DBUS RULE> )
+
+B<BLOCK RULES> = I<SUBPROFILE>
B<SUBPROFILE> = [ I<COMMENT> ... ] ( I<PROGRAMHAT> | 'profile ' I<PROGRAMCHILD> ) '{' [ ( I<FILE RULE> | I<COMMENT> | I<INCLUDE> ) ... ] '}'
--
2.1.4
More information about the AppArmor
mailing list