doc: update fsp structure.

Alexandre Pujol 2024-03-24 13:24:26 +00:00
parent 77016661dc
commit 444b9ef77a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 30 additions and 26 deletions


@ -18,7 +18,7 @@ For more access, simply use the [`dbus: talk`](#dbus-directive) directive.
## Dbus Directive
We use a special [directive](directives.md) to generate more advanced dbus access. The directive format is on purpose very similar to apparmor dbus rule.
We use a special [directive](directives.md) to generate more advanced dbus access. The directive format is on purpose very similar to the apparmor dbus rule.
**Format**
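Review bot: the reworded sentence under "Dbus Directive" still reads awkwardly at "is on purpose very similar"; "is intentionally very similar to the apparmor dbus rule" would be cleaner. Since the directive is described as similar rather than identical, one clause on where it differs from a native dbus rule would keep readers from treating the two as interchangeable.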
@ -30,7 +30,7 @@ We use a special [directive](directives.md) to generate more advanced dbus acces
: Access type. Can be `own` or `talk`:
- `own` means the profile own this dbus interface. It is allowed to send and receive from anyone on this interface.
- `own` means the profile own the dbus interface. It is allowed to send and receive from anyone on this interface.
- `talk` means the profile can talk on a given interface to the profile owning it (that must be given under the `label` option).
**`<bus>`**
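Review bot: the new `own` bullet keeps the subject-verb error, "the profile own the dbus interface" should be "the profile owns the dbus interface". The next sentence could also say "send to and receive from anyone", because this bullet is where the docs define how wide `own` access is and the wording should be unambiguous.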
@ -43,7 +43,7 @@ We use a special [directive](directives.md) to generate more advanced dbus acces
**`[label=AARE]`**
: Name of the profile
: Name of the profile. Mandatory for `talk` access.
**`[interface=AARE]`**
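Review bot: the added "Mandatory for `talk` access." conflicts with the heading, which still shows `[label=AARE]` in brackets like the other optional fields. Either mark it in the format as required when the access type is `talk`, or add a sentence saying what the build does when `label` is missing from a `talk` directive, so that a reader cannot assume an unlabelled `talk` rule is valid.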


@ -2,7 +2,7 @@
title: Directives
---
`apparmor.d` supports build directives, they are processed at build time of the project, when running `make`. They are valid apparmor comment, `apparmor_parser` can be used on a profile even if the directives have not been processed. They should not end with a comma. Multiline directive is not supported.
`apparmor.d` supports build directives, they are processed at build time of the project, when running `make`. They are valid apparmor comment, therefore, `apparmor_parser` can be used on a profile even if the directives have not been processed. They should not end with a comma. Multiline directive is not supported.
The directives follow the format:
```sh
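Review bot: the added "therefore," in the intro paragraph leaves a comma splice, and "They are valid apparmor comment" is missing its plural. Suggest "They are valid apparmor comments, so `apparmor_parser` can be used on a profile even if the directives have not been processed." The first sentence has the same splice ("supports build directives, they are processed") and "Multiline directive is not supported" should read "Multiline directives are not supported".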
@ -25,7 +25,7 @@ See the [dbus page](dbus.md#dbus-directive).
## Only, Exclude
The `only` and `exclude` directive can be used to filter individual rule or rule paragraph depending on the target distribution of distribution family.
The `only` and `exclude` directives can be used to filter individual rule or rule paragraph depending on the target distribution of distribution family.
**Format**
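Review bot: in the "Only, Exclude" sentence, "the target distribution of distribution family" looks like a typo for "or distribution family", and it changes the meaning of what the filter matches on. While the line is being touched, "individual rule or rule paragraph" should be plural to match "directives": "individual rules or rule paragraphs".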
@ -63,7 +63,7 @@ The `only` and `exclude` directive can be used to filter individual rule or rule
## Exec
The `exec` directive is useful to allow executing transition to a profile without having to manage the possible long list of profile attachment (that varies depending on the distribution). The directive parse and resolve the attachment variable (`@{exec_path}`) of the target profile and include it in the current profile.
The `exec` directive is useful to allow executing transition to a profile without having to manage the possible long list of profile attachment (it varies depending on the distribution). The directive parse and resolve the attachment variable (`@{exec_path}`) of the target profile and include it in the current profile.
**Format**
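Review bot: the "Exec" paragraph still has "The directive parse and resolve ... and include it", which should be "parses and resolves ... and includes it". The new parenthetical "(it varies depending on the distribution)" has an unclear antecedent; "(which varies by distribution)" ties it back to the attachment list. "executing transition" would read better as "an execute transition".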
@ -103,7 +103,7 @@ The `exec` directive is useful to allow executing transition to a profile withou
## Stack
[Stacked](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorStacking) profiles can be hard to maintain. The *parents* profile need to manage its own rules as well as always include stacked profile rules. This directive automatically include the stacked profile rules into the parent profile.
[Stacked](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorStacking) profiles can be hard to maintain. The *parent* profile needs to manage its own rules as well as always include the stacked profile rules. This directive automatically include the stacked profile rules into the parent profile.
**Format**
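Review bot: the "Stack" paragraph fixes "parent profile needs" but leaves "This directive automatically include" in the last sentence; it should be "automatically includes". It would also help to say that the inclusion happens at build time, as the directives intro states, so readers know the parent profile source is not what gets loaded.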