fapolicyd/fapolicyd-man-page.patch
Radovan Sroka dbbcd10a89
New update of fapolicyd
- backported few cosmetic small patches from upstream master
- rebase selinux tarbal to v0.3
- file context pattern for /run/fapolicyd.pid is missing
  Resolves: rhbz#1834674

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
2020-06-24 17:18:23 +02:00

34 lines
3.6 KiB
Diff

diff -up ./doc/fapolicyd-cli.1.man-page ./doc/fapolicyd-cli.1
--- ./doc/fapolicyd-cli.1.man-page 2020-06-01 14:20:55.720491113 +0200
+++ ./doc/fapolicyd-cli.1 2020-06-01 14:20:59.684554153 +0200
@@ -16,7 +16,7 @@ Deletes the trust database. Normally thi
.B \-D, \-\-dump-db
Dumps the trust db contents for inspection. This will print the original trust source, path, file size, and SHA256 sum of the file as known by the trust source the entry came from.
.TP
-.B \-f, \-\-file [add] [path]
+.B \-f, \-\-file add|delete|update [path]
Manage the file trust database.
.RS
.TP 12
diff -up ./doc/fapolicyd.rules.5.man-page ./doc/fapolicyd.rules.5
--- ./doc/fapolicyd.rules.5.man-page 2020-05-24 19:23:27.000000000 +0200
+++ ./doc/fapolicyd.rules.5 2020-06-01 14:20:31.272102326 +0200
@@ -14,7 +14,7 @@ for the access control decision. The col
.SS Decision
The decision is either
.IR allow ", " deny ", " allow_audit ", " deny_audit ", " allow_syslog ", "deny_syslog ", " allow_log ", or " deny_log ".
-If the rule triggers, this is the access decision that fapolicyd will tell the kernel. If the decision is one of the audit variety, then the decision will trigger a FANOTIFY audit event with all relevant information. If the decision is one of the syslog variety, then the decision will trigger writing an event into syslog. If the decision is of one the log variety, then it will create an audit event and a syslog event.
+If the rule triggers, this is the access decision that fapolicyd will tell the kernel. If the decision is one of the audit variety, then the decision will trigger a FANOTIFY audit event with all relevant information. If the decision is one of the syslog variety, then the decision will trigger writing an event into syslog. If the decision is of one the log variety, then it will create an audit event and a syslog event. Regardless of the notification, any rule with a deny in the keyword will deny access and any with an allow in the keyword will allow access.
.SS Perm
Perm describes what kind permission is being asked for. The permission is either
@@ -132,7 +132,7 @@ This option matches against the sha256 h
.RE
.SH SETS
-Set is a named group of values of the same type. Fapolicyd internally distinguishes between INT and STRING set types. You can define your own set and use it as a value for specific rule attribute. Definition is in key=value syntax and it starts with a set name. Set name has to start with % and the rest is alphanumeric. Value is a comma separated list. The set type is inherited from the first item in the list. If that can be turned into number then whole list is expected to carry numbers. One can use these sets as a value for subject and object attributes. It is also possible to use a plain list as an attribute value without previous definition. Assigned set has to match attribute type. It is not possible set groups for TRUST and PATTERN attributes.
+Set is a named group of values of the same type. Fapolicyd internally distinguishes between INT and STRING set types. You can define your own set and use it as a value for a specific rule attribute. The definition is in key=value syntax and starts with a set name. The set name has to start with % and the rest is alphanumeric. The value is a comma separated list. The set type is inherited from the first item in the list. If that can be turned into number then whole list is expected to carry numbers. One can use these sets as a value for subject and object attributes. It is also possible to use a plain list as an attribute value without previous definition. The assigned set has to match the attribute type. It is not possible set groups for TRUST and PATTERN attributes.
.SS SETS EXAMPLES