[apparmor] [patch] Add --no-reload to various utils manpages
John Johansen
john.johansen at canonical.com
Sun Jul 23 17:33:32 UTC 2017
On 07/21/2017 04:52 AM, Christian Boltz wrote:
> Hello,
>
> this option exists in several aa-* tools since 2.9, but isn't mentioned
> in the manpage.
>
> Also drop some trailing whitespace in the manpages.
>
>
> I propose this patch for 2.9, 2.10, 2.11 and trunk.
>
I suppose
Acked-by: John Johansen <john.johansen at canonical.com>
my complaint isn't with the patch itself but an already existing option
>
> [ 02-utils-manpage-no-reload.diff ]
>
> === modified file 'utils/aa-audit.pod'
> --- utils/aa-audit.pod 2014-02-12 23:54:00 +0000
> +++ utils/aa-audit.pod 2017-07-21 11:40:14 +0000
> @@ -6,7 +6,7 @@
>
> =head1 SYNOPSIS
>
> -B<aa-audit I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-r>]>
> +B<aa-audit I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>] [I<-r>]>
>
> =head1 OPTIONS
>
> @@ -15,9 +15,12 @@
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> +B<--no-reload>
> + Do not reload the profile after modifying it.
> +
> B<-r --remove>
Urk, really? How long has -r for remove been here. Its unfortunate
because -r is used in the parser (it has been forever) for replace.
>
> - Removes the audit mode for the profile.
> + Removes the audit mode for the profile.
>
> =head1 DESCRIPTION
>
>
> === modified file 'utils/aa-cleanprof.pod'
> --- utils/aa-cleanprof.pod 2014-09-15 18:30:47 +0000
> +++ utils/aa-cleanprof.pod 2017-07-21 11:46:20 +0000
> @@ -6,7 +6,7 @@
>
> =head1 SYNOPSIS
>
> -B<aa-cleanprof I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-s>]>
> +B<aa-cleanprof I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload]> [I<-s>]>
>
> =head1 OPTIONS
>
> @@ -15,6 +15,9 @@
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> +B<--no-reload>
> + Do not reload the profile after modifying it.
> +
> B<-s --silent>
>
> Silently overwrites the profile without user prompt.
> @@ -22,7 +25,7 @@
> =head1 DESCRIPTION
>
> B<aa-cleanprof> is used to perform a cleanup on one or more profiles.
> -The tool removes any existing superfluous rules (rules that are covered
> +The tool removes any existing superfluous rules (rules that are covered
> under an include or another rule), reorders the rules to group similar rules
> together and removes all comments from the file.
>
>
> === modified file 'utils/aa-complain.pod'
> --- utils/aa-complain.pod 2016-06-05 21:43:29 +0000
> +++ utils/aa-complain.pod 2017-07-21 11:42:52 +0000
> @@ -26,7 +26,7 @@
>
> =head1 SYNOPSIS
>
> -B<< aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] >>
> +B<aa-complain I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>]>
>
> =head1 OPTIONS
>
> @@ -35,6 +35,9 @@
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> +B<--no-reload>
> + Do not reload the profile after modifying it.
> +
> =head1 DESCRIPTION
>
> B<aa-complain> is used to set the enforcement mode for one or more profiles to I<complain> mode.
>
> === modified file 'utils/aa-disable.pod'
> --- utils/aa-disable.pod 2014-03-03 22:59:47 +0000
> +++ utils/aa-disable.pod 2017-07-21 11:45:15 +0000
> @@ -26,7 +26,7 @@
>
> =head1 SYNOPSIS
>
> -B<aa-disable I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<-r>]>
> +B<aa-disable I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>] [I<-r>]>
>
> =head1 OPTIONS
>
> @@ -35,11 +35,14 @@
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> +B<--no-reload>
> + Do not unreload the profile after modifying it.
> +
> =head1 DESCRIPTION
>
> -B<aa-disable> is used to I<disable> one or more profiles.
> +B<aa-disable> is used to I<disable> one or more profiles.
> This command will unload the profile from the kernel and prevent the
> -profile from being loaded on AppArmor startup.
> +profile from being loaded on AppArmor startup.
> The I<aa-enforce> and I<aa-complain> utilities may be used to to change
> this behavior.
>
>
> === modified file 'utils/aa-enforce.pod'
> --- utils/aa-enforce.pod 2014-09-15 18:30:47 +0000
> +++ utils/aa-enforce.pod 2017-07-21 11:46:31 +0000
> @@ -27,7 +27,7 @@
>
> =head1 SYNOPSIS
>
> -B<< aa-enforce I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] >>
> +B<aa-enforce I<E<lt>executableE<gt>> [I<E<lt>executableE<gt>> ...] [I<-d /path/to/profiles>] [I<--no-reload>]>
>
> =head1 OPTIONS
>
> @@ -36,12 +36,15 @@
> Specifies where to look for the AppArmor security profile set.
> Defaults to /etc/apparmor.d.
>
> +B<--no-reload>
> + Do not reload the profile after modifying it.
> +
> =head1 DESCRIPTION
>
> B<aa-enforce> is used to set one or more profiles to I<enforce> mode.
> This command is only relevant in conjunction with the I<aa-complain> utility
> which sets a profile to complain mode and the I<aa-disable> utility which
> -unloads and disables a profile.
> +unloads and disables a profile.
> The default mode for a security policy is enforce and the I<aa-complain>
> utility must be run to change this behavior.
>
>
>
> Regards,
>
> Christian Boltz
>
>
>
More information about the AppArmor
mailing list