[apparmor] [PATCH 01/20] apparmor.d.pod: refactor profile file, profile, subprofile, hat patterns
Christian Boltz
apparmor at cboltz.de
Fri May 29 11:22:09 UTC 2015
Hello,
Am Freitag, 29. Mai 2015 schrieb John Johansen:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> --- a/parser/apparmor.d.pod
> +++ b/parser/apparmor.d.pod
> +B<PROFILE FILE> = ( I<PREAMBLE> I<PROFILE> )*
PREAMBLE is optional, so maybe this should be
B<PROFILE FILE> = ( [ I<PREAMBLE> ] I<PROFILE> )*
OTOH, it's also allowed to have a file with only PREAMBLE (hint:
tunables/* - even if such a file is useless as standalone file), so
choose whatever you like more.
> +B<HAT> = ('hat' | '^') I<HATNAME> [ <PROFILE FLAG CONDS> ] '{' (
> I<RULES> )* '}'
> +B<HATNAME> = '^' ( must start with alphanumeric
> character. see aa_change_hat(2) for a description of how this "hat"
> is used.)
The '^' is already part of HAT, so it's wrong to repeat it in HATNAME
(and even more wrong if the 'hat' keyword is used).
Maybe you should also add a note that there is no space after '^'.
With that changed,
Acked-by: Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
Verstehen kann ich das Problem. Die meisten von uns hätten gerne
brandaktuelle *und* felsenstabile Software. Der Unterschied zwischen
Redmond und Pinguinhausen ist, daß erstere dir erzählen, daß man
beides haben könne. Stimmt aber nicht. [Ratti in suse-linux]
More information about the AppArmor
mailing list