|
737.
|
|
|
<emphasis>Capability entries:</emphasis> determine what privileges a confined process is allowed to use.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/security.xml:1077(para)
|
|
738.
|
|
|
As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:
|
|
|
|
作为一个例子,看一下<filename>/etc/apparmor.d/bin.ping</filename>:
|
|
Translated and reviewed by
Hugh SH
|
In upstream: |
|
作为一个例子来看看<filename>/etc/apparmor.d/bin.ping</filename>:
|
|
|
Suggested by
Hugh SH
|
|
|
|
Located in
serverguide/C/security.xml:1082(para)
|
|
739.
|
|
|
#include <tunables/global>
/bin/ping flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
capability net_raw,
capability setuid,
network inet raw,
/bin/ping mixr,
/etc/modules.conf r,
}
|
|
|
represents a line break.
Start a new line in the equivalent position in the translation.
|
|
|
represents a space character.
Enter a space in the equivalent position in the translation.
|
|
|
|
#include <tunables/global>
/bin/ping flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/nameservice>
capability net_raw,
capability setuid,
network inet raw,
/bin/ping mixr,
/etc/modules.conf r,
}
|
|
Translated and reviewed by
Hugh SH
|
|
|
|
Located in
serverguide/C/security.xml:1085(programlisting)
|
|
740.
|
|
|
<emphasis>#include <tunables/global>:</emphasis> include statements from other files. This allows statements pertaining to multiple applications to be placed in a common file.
|
|
|
|
<emphasis>#include <tunables/global>:</emphasis>包含了来自另外文件的声明。这样做使得来自不同应用程序的相关声明都被放置在同一个文件中。
|
|
Translated by
maxim(Feng Liu)
|
|
Reviewed by
Hugh SH
|
|
|
|
Located in
serverguide/C/security.xml:1102(para)
|
|
741.
|
|
|
<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled program, also setting the mode to <emphasis>complain</emphasis>.
|
|
|
|
(no translation yet)
|
|
|
|
Located in
serverguide/C/security.xml:1108(para)
|
|
742.
|
|
|
<emphasis>capability net_raw,:</emphasis> allows the application access to the CAP_NET_RAW Posix.1e capability.
|
|
|
|
<emphasis>capability net_raw,:</emphasis> 允许程序拥有连接 CAP_NET_RAW Posix.1e 的能力。
|
|
Translated and reviewed by
Hugh SH
|
|
|
|
Located in
serverguide/C/security.xml:1114(para)
|
|
743.
|
|
|
<emphasis>/bin/ping mixr,:</emphasis> allows the application read and execute access to the file.
|
|
|
|
<emphasis>/bin/ping mixr,:</emphasis> 允许应用程序读取和执行该文件。
|
|
Translated and reviewed by
Yiding He
|
|
|
|
Located in
serverguide/C/security.xml:1119(para)
|
|
744.
|
|
|
After editing a profile file the profile must be reloaded. See <xref linkend="apparmor-usage"/> for details.
|
|
|
|
编辑配置文件后必须重新载入配置文件。参看<xref linkend="apparmor-usage"/> 获取详情
|
|
Translated by
king_li
|
|
Reviewed by
Wylmer Wang
|
|
|
|
Located in
serverguide/C/security.xml:1125(para)
|
|
745.
|
|
|
Creating a Profile
|
|
|
|
创建配置文件
|
|
Translated and reviewed by
Wylmer Wang
|
|
|
|
Located in
serverguide/C/security.xml:1130(title)
|
|
746.
|
|
|
<emphasis>Design a test plan:</emphasis> Try to think about how the application should be exercised. The test plan should be divided into small test cases. Each test case should have a small description and list the steps to follow.
|
|
|
|
<emphasis>设计测试计划:</emphasis> 试着思考应用程序会怎样运行。测试计划可以分解为小的测试用例。对每个测试用例,应该有个简短的描述,并列出应该执行的步骤。
|
|
Translated by
wsw
|
|
Reviewed by
Wylmer Wang
|
|
|
|
Located in
serverguide/C/security.xml:1133(para)
|