diff --git a/utils/Makefile b/utils/Makefile index fefe06c24..1ee7691a2 100644 --- a/utils/Makefile +++ b/utils/Makefile @@ -1,6 +1,7 @@ # $Id$ # ---------------------------------------------------------------------- -# Copyright (c) 1999, 2004, 2005, 2006 NOVELL (All rights reserved) +# Copyright (c) 1999, 2004-2009 NOVELL (All rights reserved) +# Copyright (c) 2010 Canonical Ltd. # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -27,10 +28,11 @@ common/Make.rules: $(COMMONDIR)/Make.rules endif TOOLS = genprof logprof autodep audit complain enforce \ - unconfined aa-eventd apparmor_status aa-decode + unconfined aa-eventd apparmor_status aa-decode \ + apparmor_notify AA_MANPAGES = autodep.8 complain.8 enforce.8 logprof.8 genprof.8 unconfined.8 audit.8 -MANPAGES = ${AA_MANPAGES} logprof.conf.5 apparmor_status.8 aa-decode.8 +MANPAGES = ${AA_MANPAGES} logprof.conf.5 apparmor_status.8 aa-decode.8 apparmor_notify.8 all: ${MANPAGES} ${HTMLMANPAGES} make -C po all @@ -47,7 +49,7 @@ po/${NAME}.pot: ${TOOLS} .PHONY: install install: ${MANPAGES} ${HTMLMANPAGES} install -d ${CONFDIR} - install -m 644 logprof.conf severity.db ${CONFDIR} + install -m 644 logprof.conf severity.db notify.conf ${CONFDIR} install -d ${BINDIR} ln -sf apparmor_status ${BINDIR}/aa-status ln -sf audit ${BINDIR}/aa-audit @@ -57,6 +59,7 @@ install: ${MANPAGES} ${HTMLMANPAGES} ln -sf genprof ${BINDIR}/aa-genprof ln -sf logprof ${BINDIR}/aa-logprof ln -sf unconfined ${BINDIR}/aa-unconfined + ln -sf apparmor_notify ${BINDIR}/aa-notify install -m 755 ${TOOLS} ${BINDIR} install -d ${PERLDIR} install -m 755 SubDomain.pm Repository.pm Config.pm Reports.pm Severity.pm ${PERLDIR} @@ -65,7 +68,8 @@ install: ${MANPAGES} ${HTMLMANPAGES} make install_manpages DESTDIR=${DESTDIR} # special case for apparmor_status ln -sf apparmor_status.8 ${DESTDIR}/${MANDIR}/man8/aa-status.8 - + ln -sf apparmor_notify.8 ${DESTDIR}/${MANDIR}/man8/aa-notify.8 + .PHONY: clean .SILENT: clean clean: _clean diff --git a/utils/apparmor_notify.pod b/utils/apparmor_notify.pod new file mode 100644 index 000000000..ce81cfe45 --- /dev/null +++ b/utils/apparmor_notify.pod @@ -0,0 +1,94 @@ +# $Id$ +# This publication is intellectual property of Canonical Ltd. Its contents +# can be duplicated, either in part or in whole, provided that a copyright +# label is visibly located on each copy. +# +# All information found in this book has been compiled with utmost +# attention to detail. However, this does not guarantee complete accuracy. +# Neither Canonical Ltd, the authors, nor the translators shall be held +# liable for possible errors or the consequences thereof. +# +# Many of the software and hardware descriptions cited in this book +# are registered trademarks. All trade names are subject to copyright +# restrictions and may be registered trade marks. Canonical Ltd +# essentially adheres to the manufacturer's spelling. +# +# Names of products and trademarks appearing in this book (with or without +# specific notation) are likewise subject to trademark and trade protection +# laws and may thus fall under copyright restrictions. +# + + +=pod + +=head1 NAME + +apparmor_notify - display information about logged AppArmor messages. + +=head1 SYNOPSIS + +B [option] + +=head1 DESCRIPTION + +B will display a summary or provide desktop notifications +for AppArmor DENIED messages. + +=head1 OPTIONS + +B accepts the following arguments: + +=over 4 + +=item -p + +poll AppArmor logs and display desktop notifications. Can be used with '-s' +option to display a summary on startup. + +=item -l + +show summary since last login. + +=item -s NUM + +show summary for last NUM of days. + +=item -v + +show messages with summaries. + +=item -h + +displays a short usage statement. + +=head1 CONFIGURATION + +System-wide configuration for B is done via +/etc/apparmor/notify.conf: + + # set to 'yes' to enable AppArmor DENIED notifications + show_notifications="yes" + + # only people in use_group can use apparmor_notify + use_group="admin" + +Per-user configuration is done via ~/.apparmor/notify.conf: + + # set to 'yes' to enable AppArmor DENIED notifications + show_notifications="yes" + +=back + +=head1 BUGS + +B needs to be able to read the logfiles containing the +AppArmor DENIED messages. + +If you find any additional bugs, please report them to Launchpad at +L. + +=head1 SEE ALSO + +apparmor(7) + +=cut