From 46586a633426b0e3ee342d2f2a00b3caa81b14ad Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@canonical.com>
Date: Mon, 5 May 2014 11:35:50 -0500
Subject: [PATCH] parser: Add example dbus rule for unconfined peers

It may not be obvious that the peer label can be "unconfined". Provide
an example rule, in the apparmor.d man page, demonstrating the
peer=(label=unconfined) conditional.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
---
 parser/apparmor.d.pod | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
index ff7887d83..dd1e6ff0f 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -741,6 +741,9 @@ Example AppArmor DBus rules:
          member=ExampleMethod
          peer=(name=(com.example.ExampleName1|com.example.ExampleName2)),
 
+    # Allow receive access for all unconfined peers
+    dbus receive peer=(label=unconfined)),
+
     # Allow eavesdropping on the system bus
     dbus eavesdrop bus=system,