[apparmor] [patch] Add --no-reload to various utils manpages

John Johansen john.johansen at canonical.com
Sun Jul 23 17:33:32 UTC 2017


On 07/21/2017 04:52 AM, Christian Boltz wrote:
> Hello,
> 
> this option exists in several aa-* tools since 2.9, but isn't mentioned
> in the manpage.
> 
> Also drop some trailing whitespace in the manpages.
> 
> 
> I propose this patch for 2.9, 2.10, 2.11 and trunk.
> 
I suppose

Acked-by: John Johansen <john.johansen at canonical.com>

my complaint isn't with the patch itself but an already existing option

> 
> [ 02-utils-manpage-no-reload.diff ]
> 
> === modified file 'utils/aa-audit.pod'
> --- utils/aa-audit.pod	2014-02-12 23:54:00 +0000
> +++ utils/aa-audit.pod	2017-07-21 11:40:14 +0000
> @@ -6,7 +6,7 @@
>  
>  =head1 SYNOPSIS
>  
> -B<aa-audit I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-r>]>
> +B<aa-audit I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>] [I<-r>]>
>  
>  =head1 OPTIONS
>  
> @@ -15,9 +15,12 @@
>     Specifies where to look for the AppArmor security profile set.
>     Defaults to /etc/apparmor.d.
>  
> +B<--no-reload>
> +   Do not reload the profile after modifying it.
> +
>  B<-r --remove>
Urk, really? How long has -r for remove been here. Its unfortunate
because -r is used in the parser (it has been forever) for replace.

>  
> -   Removes the audit mode for the profile.  
> +   Removes the audit mode for the profile.
>  
>  =head1 DESCRIPTION
>  
> 
> === modified file 'utils/aa-cleanprof.pod'
> --- utils/aa-cleanprof.pod	2014-09-15 18:30:47 +0000
> +++ utils/aa-cleanprof.pod	2017-07-21 11:46:20 +0000
> @@ -6,7 +6,7 @@
>  
>  =head1 SYNOPSIS
>  
> -B<aa-cleanprof I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-s>]>
> +B<aa-cleanprof I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload]> [I<-s>]>
>  
>  =head1 OPTIONS
>  
> @@ -15,6 +15,9 @@
>     Specifies where to look for the AppArmor security profile set.
>     Defaults to /etc/apparmor.d.
>  
> +B<--no-reload>
> +   Do not reload the profile after modifying it.
> +
>  B<-s --silent>
>  
>     Silently overwrites the profile without user prompt.
> @@ -22,7 +25,7 @@
>  =head1 DESCRIPTION
>  
>  B<aa-cleanprof> is used to perform a cleanup on one or more profiles.
> -The tool removes any existing superfluous rules (rules that are covered 
> +The tool removes any existing superfluous rules (rules that are covered
>  under an include or another rule), reorders the rules to group similar rules
>  together and removes all comments from the file.
>  
> 
> === modified file 'utils/aa-complain.pod'
> --- utils/aa-complain.pod	2016-06-05 21:43:29 +0000
> +++ utils/aa-complain.pod	2017-07-21 11:42:52 +0000
> @@ -26,7 +26,7 @@
>  
>  =head1 SYNOPSIS
>  
> -B<< aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] >>
> +B<aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>]>
>  
>  =head1 OPTIONS
>  
> @@ -35,6 +35,9 @@
>     Specifies where to look for the AppArmor security profile set.
>     Defaults to /etc/apparmor.d.
>  
> +B<--no-reload>
> +   Do not reload the profile after modifying it.
> +
>  =head1 DESCRIPTION
>  
>  B<aa-complain> is used to set the enforcement mode for one or more profiles to I<complain> mode.
> 
> === modified file 'utils/aa-disable.pod'
> --- utils/aa-disable.pod	2014-03-03 22:59:47 +0000
> +++ utils/aa-disable.pod	2017-07-21 11:45:15 +0000
> @@ -26,7 +26,7 @@
>  
>  =head1 SYNOPSIS
>  
> -B<aa-disable I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-r>]>
> +B<aa-disable I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>] [I<-r>]>
>  
>  =head1 OPTIONS
>  
> @@ -35,11 +35,14 @@
>     Specifies where to look for the AppArmor security profile set.
>     Defaults to /etc/apparmor.d.
>  
> +B<--no-reload>
> +   Do not unreload the profile after modifying it.
> +
>  =head1 DESCRIPTION
>  
> -B<aa-disable> is used to I<disable> one or more profiles. 
> +B<aa-disable> is used to I<disable> one or more profiles.
>  This command will unload the profile from the kernel and prevent the
> -profile from being loaded on AppArmor startup. 
> +profile from being loaded on AppArmor startup.
>  The I<aa-enforce> and I<aa-complain> utilities may be used to to change
>  this behavior.
>  
> 
> === modified file 'utils/aa-enforce.pod'
> --- utils/aa-enforce.pod	2014-09-15 18:30:47 +0000
> +++ utils/aa-enforce.pod	2017-07-21 11:46:31 +0000
> @@ -27,7 +27,7 @@
>  
>  =head1 SYNOPSIS
>  
> -B<< aa-enforce I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] >>
> +B<aa-enforce I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>]>
>  
>  =head1 OPTIONS
>  
> @@ -36,12 +36,15 @@
>     Specifies where to look for the AppArmor security profile set.
>     Defaults to /etc/apparmor.d.
>  
> +B<--no-reload>
> +   Do not reload the profile after modifying it.
> +
>  =head1 DESCRIPTION
>  
>  B<aa-enforce> is used to set one or more profiles to I<enforce> mode.
>  This command is only relevant in conjunction with the I<aa-complain> utility
>  which sets a profile to complain mode and the I<aa-disable> utility which
> -unloads and disables a profile. 
> +unloads and disables a profile.
>  The default mode for a security policy is enforce and the I<aa-complain>
>  utility must be run to change this behavior.
>  
> 
> 
> Regards,
> 
> Christian Boltz
> 
> 
> 




More information about the AppArmor mailing list