mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 01:57:43 +00:00
e087db57b2
Add the optional 'file' keyword to the language/grammer. The main reason for doing this is to support false token injection. Which is needed to move towards the parser being broken out into an api that can be used to parse individual rule types, separate from parsing the whole file. Since we are adding the token to the grammar expose it to userspace with the 'file' keyword. While not needed it helps bring consistency, as all the other rule types start with a keyword (capability, network, rlimit, ...). Also allow the bare keyword to be used to represent allowing all file operations, just as with network and capability. Domain transitions are defaulted to ix. Thus file, is equivalent to /** rwlkmix, Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees@ubuntu.com>
10 lines
129 B
Plaintext
10 lines
129 B
Plaintext
#
|
|
#=DESCRIPTION A simple successful profile
|
|
#=EXRESULT PASS
|
|
#
|
|
/usr/bin/foo {
|
|
file /usr/bin/foo r,
|
|
file /usr/bin/blah rix,
|
|
}
|
|
|