[apparmor] [patch] Add --no-reload to various utils manpages
Christian Boltz
apparmor at cboltz.de
Fri Jul 21 11:52:39 UTC 2017
Hello,
this option exists in several aa-* tools since 2.9, but isn't mentioned
in the manpage.
Also drop some trailing whitespace in the manpages.
I propose this patch for 2.9, 2.10, 2.11 and trunk.
[ 02-utils-manpage-no-reload.diff ]
=== modified file 'utils/aa-audit.pod'
--- utils/aa-audit.pod 2014-02-12 23:54:00 +0000
+++ utils/aa-audit.pod 2017-07-21 11:40:14 +0000
@@ -6,7 +6,7 @@
=head1 SYNOPSIS
-B<aa-audit I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-r>]>
+B<aa-audit I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>] [I<-r>]>
=head1 OPTIONS
@@ -15,9 +15,12 @@
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
+B<--no-reload>
+ Do not reload the profile after modifying it.
+
B<-r --remove>
- Removes the audit mode for the profile.
+ Removes the audit mode for the profile.
=head1 DESCRIPTION
=== modified file 'utils/aa-cleanprof.pod'
--- utils/aa-cleanprof.pod 2014-09-15 18:30:47 +0000
+++ utils/aa-cleanprof.pod 2017-07-21 11:46:20 +0000
@@ -6,7 +6,7 @@
=head1 SYNOPSIS
-B<aa-cleanprof I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-s>]>
+B<aa-cleanprof I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload]> [I<-s>]>
=head1 OPTIONS
@@ -15,6 +15,9 @@
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
+B<--no-reload>
+ Do not reload the profile after modifying it.
+
B<-s --silent>
Silently overwrites the profile without user prompt.
@@ -22,7 +25,7 @@
=head1 DESCRIPTION
B<aa-cleanprof> is used to perform a cleanup on one or more profiles.
-The tool removes any existing superfluous rules (rules that are covered
+The tool removes any existing superfluous rules (rules that are covered
under an include or another rule), reorders the rules to group similar rules
together and removes all comments from the file.
=== modified file 'utils/aa-complain.pod'
--- utils/aa-complain.pod 2016-06-05 21:43:29 +0000
+++ utils/aa-complain.pod 2017-07-21 11:42:52 +0000
@@ -26,7 +26,7 @@
=head1 SYNOPSIS
-B<< aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] >>
+B<aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>]>
=head1 OPTIONS
@@ -35,6 +35,9 @@
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
+B<--no-reload>
+ Do not reload the profile after modifying it.
+
=head1 DESCRIPTION
B<aa-complain> is used to set the enforcement mode for one or more profiles to I<complain> mode.
=== modified file 'utils/aa-disable.pod'
--- utils/aa-disable.pod 2014-03-03 22:59:47 +0000
+++ utils/aa-disable.pod 2017-07-21 11:45:15 +0000
@@ -26,7 +26,7 @@
=head1 SYNOPSIS
-B<aa-disable I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-r>]>
+B<aa-disable I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>] [I<-r>]>
=head1 OPTIONS
@@ -35,11 +35,14 @@
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
+B<--no-reload>
+ Do not unreload the profile after modifying it.
+
=head1 DESCRIPTION
-B<aa-disable> is used to I<disable> one or more profiles.
+B<aa-disable> is used to I<disable> one or more profiles.
This command will unload the profile from the kernel and prevent the
-profile from being loaded on AppArmor startup.
+profile from being loaded on AppArmor startup.
The I<aa-enforce> and I<aa-complain> utilities may be used to to change
this behavior.
=== modified file 'utils/aa-enforce.pod'
--- utils/aa-enforce.pod 2014-09-15 18:30:47 +0000
+++ utils/aa-enforce.pod 2017-07-21 11:46:31 +0000
@@ -27,7 +27,7 @@
=head1 SYNOPSIS
-B<< aa-enforce I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] >>
+B<aa-enforce I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>]>
=head1 OPTIONS
@@ -36,12 +36,15 @@
Specifies where to look for the AppArmor security profile set.
Defaults to /etc/apparmor.d.
+B<--no-reload>
+ Do not reload the profile after modifying it.
+
=head1 DESCRIPTION
B<aa-enforce> is used to set one or more profiles to I<enforce> mode.
This command is only relevant in conjunction with the I<aa-complain> utility
which sets a profile to complain mode and the I<aa-disable> utility which
-unloads and disables a profile.
+unloads and disables a profile.
The default mode for a security policy is enforce and the I<aa-complain>
utility must be run to change this behavior.
Regards,
Christian Boltz
--
Entwickler sollten nicht danach bezahlt werden, wie viel Code
sie schreiben, sondern wie viel Code sie wegschmeißen.
[Robert Lemke, http://heise.de/-1362225]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170721/a45fc7d8/attachment.pgp>
More information about the AppArmor
mailing list