felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: update links format.

Browse source
This commit is contained in:
Alexandre Pujol 2023-10-27 15:27:23 +01:00
parent 84ecf85c0b
commit 23639e0b65
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
7 changed files with 17 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

7
docs/development/index.md
View file

@ -8,7 +8,7 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co
??? info "How to contribute"
1. If you don't have git on your machine, [install it][git].
1. If you don't have git on your machine, [install it](https://help.github.com/articles/set-up-git/).
2. Fork this repo by clicking on the fork button on the top of the [project Github][project] page.
3. Clone the repository and go to the directory:
```sh
@ -61,14 +61,14 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co
!!! danger "Warning"
Following the [profile guidelines](guidelines) is **mandatory** for all new profiles.
Following the [profile guidelines](guidelines.md) is **mandatory** for all new profiles.
1. To add a new profile `foo`, add the file `foo` in [`apparmor.d/profile-a-f`][profiles-a-f].
If your profile is part of a large group of profiles, it can also go in
[`apparmor.d/groups`][groups].
2. Write the profile content, the rules depend of the confined program,
2. Write the profile content, the rules depend on the confined program,
Here is the bare minimum for the program `foo`:
``` sh
# apparmor.d - Full set of apparmor profiles
@ -95,7 +95,6 @@ profile foo @{exec_path} {
4. Build & install for your distribution.
[git]: https://help.github.com/articles/set-up-git/
[project]: https://github.com/roddhjav/apparmor.d
[flags]: https://github.com/roddhjav/apparmor.d/blob/main/dists/flags/main.flags

3
docs/development/structure.md
View file

@ -21,7 +21,7 @@ However, as `/etc` can contain sensitive files, we now want to explicitly preven
1. How do we know the exhaustive list of *sensitive files* in `/etc`?
2. How do we ensure access to these sensitive files are not required?
3. This breaks the principle of mandatory access control.
See the [first rule of this project][project-rules] that is to only allow
See the [first rule of this project](index.md#project-rules) that is to only allow
what is required. Here we allow everything and blacklist some paths.
It creates even more issues when we want to use this profile in other profiles. Let's take the example of `diff`. Using this rule: `@{bin}/diff rPx,` will restrict access to the very generic and not very confined `diff` profile. Whereas most of the time, we want to restrict `diff` to some specific file in our profile:
@ -79,7 +79,6 @@ sandbox managed with [Toolbox]
2. Do not a create profile for the shell: `bash`, `sh`, `dash`, `zsh`
3. Use [Toolbox].
[project-rules]: /development/#project-rules
[Toolbox]: https://containertoolbx.org/