[apparmor] [PATCH 08/20] add man page for aa_query_label

Tyler Hicks tyhicks at canonical.com
Fri May 29 17:59:02 UTC 2015


On 2015-05-29 01:39:14, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  libraries/libapparmor/doc/aa_query_label.pod | 107 +++++++++++++++++++++++++++
>  1 file changed, 107 insertions(+)
>  create mode 100644 libraries/libapparmor/doc/aa_query_label.pod
> 
> diff --git a/libraries/libapparmor/doc/aa_query_label.pod b/libraries/libapparmor/doc/aa_query_label.pod
> new file mode 100644
> index 0000000..9aa563a
> --- /dev/null
> +++ b/libraries/libapparmor/doc/aa_query_label.pod
> @@ -0,0 +1,107 @@
> +# This publication is intellectual property of Canonical Ltd. Its contents
> +# can be duplicated, either in part or in whole, provided that a copyright
> +# label is visibly located on each copy.
> +#
> +# All information found in this book has been compiled with utmost
> +# attention to detail. However, this does not guarantee complete accuracy.
> +# Neither Canonical Ltd, the authors, nor the translators shall be held
> +# liable for possible errors or the consequences thereof.
> +#
> +# Many of the software and hardware descriptions cited in this book
> +# are registered trademarks. All trade names are subject to copyright
> +# restrictions and may be registered trade marks. Canonical Ltd.
> +# essentially adhere to the manufacturer's spelling.
> +#
> +# Names of products and trademarks appearing in this book (with or without
> +# specific notation) are likewise subject to trademark and trade protection
> +# laws and may thus fall under copyright restrictions.
> +#
> +
> +
> +=pod
> +
> +=head1 NAME
> +
> +aa_query_label - query access permission associated with a label
> +
> +=head1 SYNOPSIS
> +
> +B<#include E<lt>sys/apparmor.hE<gt>>
> +
> +B<int aa_query_label((uint32_t mask, char *query, size_t size, int *allowed,
> +		int *audited);>
> +
> +Link with B<-lapparmor> when compiling.
> +
> +=head1 DESCRIPTION
> +
> +The aa_query_label function fetches the current permissions granted by the
> +specified I<label> in the I<query> string.
> +
> +The query is a raw binary formated query, containing the label and
> +permission query to make. The returned I<allowed> and I<audited> values are
> +interpreted boolean values, simple stating whether the query is allowed and
> +if it is audited.
> +
> +The mask of the query string is a bit mask of permissions to query and is
> +class type dependent (see AA_CLASS_xxx) entries in I<sys/apparmor.h>.
> +
> +The format of the query string is also dependent on the B<AA_CLASS> and as
> +such the the aa_query_xxx helper functions should be usually be used instead
> +of directly using I<aa_query_label>. If directly using the interface the
> +I<query> string is required to have a header of B<AA_QUERY_CMD_LABEL_SIZE>
> +that will be used by I<aa_query_label>.
> +
> +=head1 RETURN VALUE
> +
> +On success 0 is returned, and the I<allowed> and I<audited> parameters
> +contain a boolean value of 0 not allowed/audited or 1 allowed/audited. On
> +error, -1 is returned, and errno(3) is set appropriately.
> +
> +=head1 ERRORS
> +
> +=over 4
> +
> +=item B<EINVAL>
> +
> +The requested I<mask> is empty.
> +
> +The I<size> of the query is E<lt> the query B<AA_QUER?Y_CMD_LABEL_SIZE>
> +
> +The apparmor kernel module is not loaded or the he kernel interface access
> +interface is not available
> +
> +=item B<ENOMEM>
> +
> +Insufficient memory was available.
> +
> +=item B<EACCES>
> +
> +Access to the specified I<label> or query interface was denied.
> +
> +=item B<ENOENT>
> +
> +The specified I<label> does not exist or is not visible.
> +
> +=item B<ERANGE>
> +
> +The confinement data is too large to fit in the supplied buffer.
> +
> +=back
> +
> +=head1 NOTES
> +
> +The label permissions returned are only valid for the time of the
> +query and can change at any point in the future.
> +
> +=head1 BUGS
> +
> +None known. If you find any, please report them at
> +L<https://bugs.launchpad.net/apparmor/+filebug>.
> +
> +=head1 SEE ALSO
> +
> +apparmor(7), apparmor.d(5), apparmor_parser(8), aa_get_con(2), aa_split_con(2)
> +and L<http://wiki.apparmor.net>.

* "aa_get_con(2)" should be "aa_getcon(2)"
  - underscore removal

* "aa_split_con(2)" should be "aa_splitcon(3)"
  - underscore removal
  - section correction

With those changes plus the ones suggested by cboltz,

  Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> +
> +=cut
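
Review bot: the SYNOPSIS prototype has a doubled opening parenthesis, "aa_query_label((uint32_t mask, ...", so the man page will show a declaration that does not compile; it should read "int aa_query_label(uint32_t mask, char *query, size_t size, int *allowed, int *audited);". Under ERRORS, the EINVAL entry spells the constant "AA_QUER?Y_CMD_LABEL_SIZE" where DESCRIPTION uses AA_QUERY_CMD_LABEL_SIZE, and its third paragraph ("the he kernel interface access interface") is garbled. The ERANGE entry refers to a "supplied buffer", but the prototype takes only the input query/size pair and two int out-parameters, so either say which buffer is meant or drop the entry. DESCRIPTION also needs a wording pass: "formated", "simple stating", "the the" and "should be usually be used".
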
> -- 
> 2.1.4