Changeset View
Changeset View
Standalone View
Standalone View
autotests/html/usr.bin.apparmor-profile-test.html
| Show First 20 Lines • Show All 93 Lines • ▼ Show 20 Line(s) | 93 | <span style="color:#644a9b;font-weight:bold;">profile</span> <span style="color:#644a9b;">hello_world</span> { | |||
|---|---|---|---|---|---|
| 94 | <span style="color:#898887;"># File rules (three different ways)</span> | 94 | <span style="color:#898887;"># File rules (three different ways)</span> | ||
| 95 | <span style="color:#0057ae;font-weight:bold;">file</span> /usr/lib<span style="color:#bf0303;">{</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">32</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">64}</span>/helloworld/<span style="color:#3daee9;">**</span>.so<span style="font-weight:bold;"> mr</span>, | 95 | <span style="color:#0057ae;font-weight:bold;">file</span> /usr/lib<span style="color:#bf0303;">{</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">32</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">64}</span>/helloworld/<span style="color:#3daee9;">**</span>.so<span style="font-weight:bold;"> mr</span>, | ||
| 96 | /usr/lib<span style="color:#bf0303;">{</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">32</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">64}</span>/helloworld/<span style="color:#3daee9;">**</span><span style="font-weight:bold;"> r</span>, | 96 | /usr/lib<span style="color:#bf0303;">{</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">32</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">64}</span>/helloworld/<span style="color:#3daee9;">**</span><span style="font-weight:bold;"> r</span>, | ||
| 97 | <span style="font-weight:bold;"> rk</span> /usr/lib<span style="color:#bf0303;">{</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">32</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">64}</span>/helloworld/hello,file, | 97 | <span style="font-weight:bold;"> rk</span> /usr/lib<span style="color:#bf0303;">{</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">32</span><span style="color:#644a9b;">,</span><span style="color:#bf0303;">64}</span>/helloworld/hello,file, | ||
| 98 | 98 | | |||
| 99 | <span style="color:#898887;"># Link rules (two ways)</span> | 99 | <span style="color:#898887;"># Link rules (two ways)</span> | ||
| 100 | <span style="font-weight:bold;"> l</span> /foo1 <span style="color:#bf0303;font-weight:bold;">-></span> /bar, | 100 | <span style="font-weight:bold;"> l</span> /foo1 <span style="color:#bf0303;font-weight:bold;">-></span> /bar, | ||
| 101 | <span style="color:#0057ae;font-weight:bold;">link</span> /foo2 <span style="color:#bf0303;font-weight:bold;">-></span> bar, | 101 | <span style="color:#0057ae;font-weight:bold;">link</span> /foo2 <span style="color:#bf0303;font-weight:bold;">-></span> bar, | ||
| 102 | <span style="color:#0057ae;font-weight:bold;">link</span> /foo3 <span style="color:#bf0303;font-weight:bold;">to</span> bar, | | |||
| 103 | <span style="color:#0057ae;font-weight:bold;">link</span> <span style="color:#0057ae;">subset</span> /link<span style="color:#3daee9;">*</span> <span style="color:#bf0303;font-weight:bold;">-></span> /<span style="color:#3daee9;">**</span>, | 102 | <span style="color:#0057ae;font-weight:bold;">link</span> <span style="color:#0057ae;">subset</span> /link<span style="color:#3daee9;">*</span> <span style="color:#bf0303;font-weight:bold;">-></span> /<span style="color:#3daee9;">**</span>, | ||
| 104 | 103 | | |||
| 105 | <span style="color:#898887;"># Network rules</span> | 104 | <span style="color:#898887;"># Network rules</span> | ||
| 106 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="color:#0057ae;">inet6</span> <span style="color:#0057ae;">tcp</span>, | 105 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="color:#0057ae;">inet6</span> <span style="color:#0057ae;">tcp</span>, | ||
| 107 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="color:#0057ae;">netlink</span> <span style="color:#0057ae;">dgram</span>, | 106 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="color:#0057ae;">netlink</span> <span style="color:#0057ae;">dgram</span>, | ||
| 108 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="color:#0057ae;">bluetooth</span>, | 107 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="color:#0057ae;">bluetooth</span>, | ||
| 109 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="font-style:italic;">unspec</span> <span style="color:#0057ae;">dgram</span>, | 108 | <span style="color:#0057ae;font-weight:bold;">network</span> <span style="font-style:italic;">unspec</span> <span style="color:#0057ae;">dgram</span>, | ||
| 110 | 109 | | |||
| Show All 21 Lines | |||||
| 132 | <span style="color:#0057ae;font-weight:bold;">unix</span> (<span style="font-weight:bold;">send</span>,<span style="font-weight:bold;">receive</span>) <span style="color:#006e28;">type</span>=(<span style="color:#0057ae;">stream</span>) <span style="color:#006e28;">protocol</span>=0 <span style="color:#006e28;">peer</span>=(<span style="color:#0057ae;">addr</span>=<span style="font-style:italic;">none</span>), | 131 | <span style="color:#0057ae;font-weight:bold;">unix</span> (<span style="font-weight:bold;">send</span>,<span style="font-weight:bold;">receive</span>) <span style="color:#006e28;">type</span>=(<span style="color:#0057ae;">stream</span>) <span style="color:#006e28;">protocol</span>=0 <span style="color:#006e28;">peer</span>=(<span style="color:#0057ae;">addr</span>=<span style="font-style:italic;">none</span>), | ||
| 133 | <span style="color:#0057ae;font-weight:bold;">unix</span> <span style="color:#006e28;">peer</span>=(<span style="color:#0057ae;">label</span>=<span style="color:#b08000;">@{profile_name}</span>,<span style="color:#0057ae;">addr</span>=@helloworld), | 132 | <span style="color:#0057ae;font-weight:bold;">unix</span> <span style="color:#006e28;">peer</span>=(<span style="color:#0057ae;">label</span>=<span style="color:#b08000;">@{profile_name}</span>,<span style="color:#0057ae;">addr</span>=@helloworld), | ||
| 134 | 133 | | |||
| 135 | <span style="color:#898887;"># Rlimit rule</span> | 134 | <span style="color:#898887;"># Rlimit rule</span> | ||
| 136 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">data</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">100</span><span style="color:#b08000;font-weight:bold;">M</span>, | 135 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">data</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">100</span><span style="color:#b08000;font-weight:bold;">M</span>, | ||
| 137 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">nproc</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">10</span>, | 136 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">nproc</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">10</span>, | ||
| 138 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">memlock</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">2</span><span style="color:#b08000;font-weight:bold;">GB</span>, | 137 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">memlock</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">2</span><span style="color:#b08000;font-weight:bold;">GB</span>, | ||
| 139 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">rss</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">infinity</span>, | 138 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">rss</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">infinity</span>, | ||
| 139 | <span style="color:#0057ae;font-weight:bold;">set</span> <span style="color:#0057ae;font-weight:bold;">rlimit</span> <span style="color:#0057ae;">nice</span> <span style="color:#bf0303;font-weight:bold;"><=</span> <span style="color:#b08000;">-12</span>, | ||||
| 140 | 140 | | |||
| 141 | <span style="color:#898887;"># Change Profile rules</span> | 141 | <span style="color:#898887;"># Change Profile rules</span> | ||
| 142 | <span style="color:#0057ae;font-weight:bold;">change_profile</span> <span style="color:#0057ae;">unsafe</span> /<span style="color:#3daee9;">**</span> <span style="color:#bf0303;font-weight:bold;">-></span> <span style="color:#644a9b;font-style:italic;">[^u/]</span><span style="color:#3daee9;font-style:italic;">**</span>, | 142 | <span style="color:#0057ae;font-weight:bold;">change_profile</span> <span style="color:#0057ae;">unsafe</span> /<span style="color:#3daee9;">**</span> <span style="color:#bf0303;font-weight:bold;">-></span> <span style="color:#644a9b;font-style:italic;">[^u/]</span><span style="color:#3daee9;font-style:italic;">**</span>, | ||
| 143 | <span style="color:#0057ae;font-weight:bold;">change_profile</span> <span style="color:#0057ae;">unsafe</span> /<span style="color:#3daee9;">**</span> <span style="color:#bf0303;font-weight:bold;">-></span> <span style="color:#644a9b;font-style:italic;">{u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}</span>, | 143 | <span style="color:#0057ae;font-weight:bold;">change_profile</span> <span style="color:#0057ae;">unsafe</span> /<span style="color:#3daee9;">**</span> <span style="color:#bf0303;font-weight:bold;">-></span> <span style="color:#644a9b;font-style:italic;">{u,un,unc,unco,uncon,unconf,unconfi,unconfin,unconfine}</span>, | ||
| 144 | <span style="color:#0057ae;font-weight:bold;">change_profile</span> /bin/bash <span style="color:#bf0303;font-weight:bold;">-></span> | 144 | <span style="color:#0057ae;font-weight:bold;">change_profile</span> /bin/bash <span style="color:#bf0303;font-weight:bold;">-></span> | ||
| 145 | <span style="color:#644a9b;font-style:italic;">new_profile</span><span style="color:#ca60ca;font-weight:bold;font-style:italic;">//</span><span style="color:#644a9b;font-style:italic;">hat</span>, | 145 | <span style="color:#644a9b;font-style:italic;">new_profile</span><span style="color:#ca60ca;font-weight:bold;font-style:italic;">//</span><span style="color:#644a9b;font-style:italic;">hat</span>, | ||
| 146 | } | 146 | } | ||
| 147 | 147 | | |||
| ▲ Show 20 Lines • Show All 135 Lines • Show Last 20 Lines | |||||