From 23639e0b65b847e7b87bb02117366efb9545a94c Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 27 Oct 2023 15:27:23 +0100 Subject: [PATCH] doc: update links format. --- docs/concepts.md | 5 ++--- docs/configuration.md | 4 ++-- docs/development/index.md | 7 +++---- docs/development/structure.md | 3 +-- docs/index.md | 12 ++++++------ docs/install.md | 4 ++-- docs/report.md | 2 +- 7 files changed, 17 insertions(+), 20 deletions(-) diff --git a/docs/concepts.md b/docs/concepts.md index da2397305..563940a4e 100644 --- a/docs/concepts.md +++ b/docs/concepts.md @@ -6,8 +6,7 @@ title: Concepts *One profile a day keeps the hacker away* -There are over 50000 Linux packages and even more applications. It is simply not -possible to write an AppArmor profile for all of them. Therefore, a question arises: +There are over 50000 Linux packages and even more applications. It is simply not possible to write an AppArmor profile for all of them. Therefore, a question arises: **What to confine and why?** @@ -16,7 +15,7 @@ We take inspiration from the [Android/ChromeOS Security Model][android_model], a This is fundamentally different from how AppArmor is usually used on Linux servers as it is common to only confine the applications that face the internet and/or the users. -[android_model]: https://arxiv.org/pdf/1904.05572 +[android_model]: https://arxiv.org/pdf/1904.05572v2.pdf [clipos]: https://clip-os.org/en/ [write xor execute]: https://en.wikipedia.org/wiki/W%5EX diff --git a/docs/configuration.md b/docs/configuration.md index 1cf6716b5..2a94bcdb7 100644 --- a/docs/configuration.md +++ b/docs/configuration.md 
@@ -24,11 +24,11 @@ This project is designed in such a way that it is easy to personalize the directories your programs have access by defining a few variables. The profiles heavily use the (largely extended) XDG directory variables defined -in the **[Variables Reference](/variables)** page. +in the **[Variables Reference](variables.md)** page. ??? note "XDG variables overview" - See **[Variables Reference](/variables)** page for more. + See **[Variables Reference](variables.md)** page for more. | Description | Name | Value | |-------------|:----:|---------| diff --git a/docs/development/index.md b/docs/development/index.md index d0c34eff2..923e4daa6 100644 --- a/docs/development/index.md +++ b/docs/development/index.md @@ -8,7 +8,7 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co ??? info "How to contribute" - 1. If you don't have git on your machine, [install it][git]. + 1. If you don't have git on your machine, [install it](https://help.github.com/articles/set-up-git/). 2. Fork this repo by clicking on the fork button on the top of the [project Github][project] page. 3. Clone the repository and go to the directory: ```sh @@ -61,14 +61,14 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co !!! danger "Warning" - Following the [profile guidelines](guidelines) is **mandatory** for all new profiles. + Following the [profile guidelines](guidelines.md) is **mandatory** for all new profiles. 1. To add a new profile `foo`, add the file `foo` in [`apparmor.d/profile-a-f`][profiles-a-f]. If your profile is part of a large group of profiles, it can also go in [`apparmor.d/groups`][groups]. -2. Write the profile content, the rules depend of the confined program, +2. Write the profile content, the rules depend on the confined program, Here is the bare minimum for the program `foo`: ``` sh # apparmor.d - Full set of apparmor profiles 
@@ -95,7 +95,6 @@ profile foo @{exec_path} { 4. Build & install for your distribution. -[git]: https://help.github.com/articles/set-up-git/ [project]: https://github.com/roddhjav/apparmor.d [flags]: https://github.com/roddhjav/apparmor.d/blob/main/dists/flags/main.flags diff --git a/docs/development/structure.md b/docs/development/structure.md index eed8b0125..0d1889016 100644 --- a/docs/development/structure.md +++ b/docs/development/structure.md @@ -21,7 +21,7 @@ However, as `/etc` can contain sensitive files, we now want to explicitly preven 1. How do we know the exhaustive list of *sensitive files* in `/etc`? 2. How do we ensure access to these sensitive files are not required? 3. This breaks the principle of mandatory access control. - See the [first rule of this project][project-rules] that is to only allow + See the [first rule of this project](index.md#project-rules) that is to only allow what is required. Here we allow everything and blacklist some paths. It creates even more issues when we want to use this profile in other profiles. Let's take the example of `diff`. Using this rule: `@{bin}/diff rPx,` will restrict access to the very generic and not very confined `diff` profile. Whereas most of the time, we want to restrict `diff` to some specific file in our profile: @@ -79,7 +79,6 @@ sandbox managed with [Toolbox] 2. Do not a create profile for the shell: `bash`, `sh`, `dash`, `zsh` 3. Use [Toolbox]. -[project-rules]: /development/#project-rules [Toolbox]: https://containertoolbx.org/ diff --git a/docs/index.md b/docs/index.md index 91bd45e05..b08a7fd2d 100644 --- a/docs/index.md +++ b/docs/index.md @@ -9,7 +9,7 @@ title: AppArmor.d !!! danger "Help Wanted" This project is still in its early development. Help is very welcome; - see [Development](development/) + see [Development](development/index.md) **AppArmor.d** is a set of over 1400 AppArmor profiles whose aim is to confine most Linux based applications and processes. 
@@ -23,16 +23,16 @@ most Linux based applications and processes. - Confine some *"special"* user applications: web browser, file browser... - Should not break a normal usage of the confined software -See the [Concepts](concepts)' page for more detail on the architecture. +See the [Concepts](concepts.md)' page for more detail on the architecture. **Goals** - Target both desktops and servers - Support all distributions that support AppArmor: - * [:material-arch: Archlinux](/install/#archlinux) - * [:material-ubuntu: Ubuntu 22.04](/install/#ubuntu-debian) - * [:material-debian: Debian 12](/install/#ubuntu-debian) - * [:simple-suse: OpenSUSE Tumbleweed](/install/#opensuse) + * [:material-arch: Archlinux](install.md#archlinux) + * [:material-ubuntu: Ubuntu 22.04](install.md#ubuntu-debian) + * [:material-debian: Debian 12](install.md#ubuntu-debian) + * [:simple-suse: OpenSUSE Tumbleweed](install.md#opensuse) - Support all major desktop environments: * Currently only :material-gnome: Gnome - Fully tested (Work in progress) diff --git a/docs/install.md b/docs/install.md index 92df2784b..0bec02c21 100644 --- a/docs/install.md +++ b/docs/install.md @@ -4,7 +4,7 @@ title: Installation !!! danger - In order to not break your system, the default package configuration installs all profiles in complain mode. They can be enforced later. See the [Enforce Mode](/enforce) page. + In order to not break your system, the default package configuration installs all profiles in complain mode. They can be enforced later. See the [Enforce Mode](enforce.md) page. ## Requirements @@ -19,7 +19,7 @@ The following desktop environments are supported: - [x] :material-gnome: Gnome - [ ] :simple-kde: KDE *(work in progress)* -Also, please note Wayland has better support than Xorg. +Please note that Wayland has a better support than Xorg. **Build dependencies** diff --git a/docs/report.md b/docs/report.md index 529cefc2a..06b14c505 100644 --- a/docs/report.md +++ b/docs/report.md 
@@ -4,7 +4,7 @@ title: Report AppArmor logs # Report AppArmor logs -The **[aa-log](/usage/#apparmor-log)** tool reports all AppArmor `DENIED` and `ALLOWED`. It should be used to fix AppArmor related issues. +The **[aa-log](usage.md#apparmor-log)** tool reports all AppArmor `DENIED` and `ALLOWED`. It should be used to fix AppArmor related issues. While testing, if something get wrong, you need to put the profile in complain mode, to that you can investigate and it does not block your program.
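Review bot: In docs/concepts.md the `[android_model]` target goes from `https://arxiv.org/pdf/1904.05572` to `https://arxiv.org/pdf/1904.05572v2.pdf`, which is more than a format change: it pins the citation to revision v2 of the paper. If the pin is intended, say so in the commit message; otherwise keep the unversioned URL so the link follows the latest revision. The re-wrapping of the opening paragraph in the same hunk is unrelated to links and would be easier to review as its own change.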
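Review bot: In docs/development/index.md the external-link style is now mixed: step 1 uses an inline URL for the git link, while step 2 of the same list still uses reference-style `[project]`, and the `[project]` and `[flags]` definitions stay at the bottom of the file. Pick one style for external links in this file. The reworded line `Write the profile content, the rules depend on the confined program,` also still ends in a comma before `Here is the bare minimum`; end it with a period while it is being touched.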
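Review bot: In docs/development/structure.md the new target `index.md#project-rules` depends on a `project-rules` anchor in docs/development/index.md, and nothing in this patch shows that anchor. Confirm the heading or explicit id exists there so the link does not silently land at the top of the page.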
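Review bot: In docs/index.md the rewritten line `See the [Concepts](concepts.md)' page for more detail on the architecture.` keeps the stray apostrophe after the link. Drop it while the line is being changed.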
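Review bot: The new wording in the second docs/install.md hunk, `Please note that Wayland has a better support than Xorg.`, is ungrammatical ("a better support") and has nothing to do with the link format this commit is about. Use `Please note that Wayland has better support than Xorg.` or leave the original sentence out of this commit.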
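Review bot: In docs/report.md the touched sentence `reports all AppArmor DENIED and ALLOWED.` is missing its noun; since the line is already being edited, consider completing it (for example "log entries"). The following context line has two typos, `if something get wrong` and `to that you can investigate`, that could be fixed in a follow-up.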