mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity

aa-status: update man page with filter information

Browse Source 
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2023-05-02 03:22:33 -07:00
parent 5ff6686ea7
commit 2434838136
1 changed files with 48 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
binutils/aa-status.pod
View File

@ -72,11 +72,18 @@ displays the number of loaded non-enforcing AppArmor policies.
=item --kill
displays the number of loaded enforcing AppArmor policies that will kill tasks on policy violations.
displays the number of loaded enforcing AppArmor policies that will
kill tasks on policy violations.
=item --prompt
displays the number of loaded enforcing AppArmor policies, with
fallback to userspace mediation.
=item --special-unconfined
displays the number of loaded non-enforcing AppArmor policies that are in the special unconfined mode.
displays the number of loaded non-enforcing AppArmor policies that are
in the special unconfined mode.
=item --process-mixed
displays the number of processes confined by profile stacks with
@ -97,6 +104,40 @@ set in a JSON format, fit for machine consumption.
same as --json, formatted to be readable by humans as well
as by machines.
=item --show
what data sets to show information about. Currently I<processes>,
I<profiles>, I<all> for both processes and profiles. The default is
I<all>.
=item --count
display only counts for selected information.
=item --filter.mode=filter
Allows specifying a posix regular expression filter that will be
applied against the displayed processess and profiles apparmor profile
mode, reducing the output.
=item --filter.profiles=filter
Allows specifying a posix regular expression filter that will be
applied against the displayed processess and profiles confining
profile, reducing the output.
=item --filter.pid=filter
Allows specifying a posix regular expression filter that will be
applied against the displayed processes, so that only processes pids
matching the expression will be displayed.
=item --filter.exe=filter
Allows specifying a posix regular expression filter that will be
applied against the displayed processes, so that only processes
executable name matching the expression will be displayed.
=item --help
displays a short usage statement.
@ -124,7 +165,8 @@ if apparmor is enabled but no policy is loaded.
=item B<3>
if the apparmor control files aren't available under /sys/kernel/security/.
if the apparmor control files aren't available under
/sys/kernel/security/.
=item B<4>
@ -140,8 +182,9 @@ if an internal error occurred.
=head1 BUGS
B<aa-status> must be run as root to read the state of the loaded
policy from the apparmor module. It uses the /proc filesystem to determine
which processes are confined and so is susceptible to race conditions.
policy from the apparmor module. It uses the /proc filesystem to
determine which processes are confined and so is susceptible to race
conditions.
If you find any additional bugs, please report them at
L<https://gitlab.com/apparmor/apparmor/-/issues>.