2
0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00

parser: add support for prompt profile mode

Add support for the prompt profile mode.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2019-12-05 14:20:24 -08:00
parent a271b2474c
commit e5dace9ffd
16 changed files with 144 additions and 3 deletions

View File

@@ -115,7 +115,7 @@ B<PROFILE FLAG CONDS> = [ 'flags=' ] '(' comma or white space separated list of
B<PROFILE FLAGS> = I<PROFILE MODE> | I<AUDIT_MODE> | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative' | 'debug'
B<PROFILE MODE> = 'enforce' | 'complain' | 'kill' | 'unconfined'
B<PROFILE MODE> = 'enforce' | 'complain' | 'kill' | 'unconfined' | 'prompt'
B<AUDIT MODE> = 'audit'
@@ -459,6 +459,11 @@ profile replacement. This mode is should not be used under regular
deployment but can be useful during debugging and some system
initialization scenarios.
=item B<prompt> This mode allows task mediation to send an up call to
userspace to ask for a decision when there isn't a rule covering the
permission request. If userspace does not respond then the access
will be denied.
=back
=head4 Audit Mode