.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{ . if \nF \{ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "aa_policy_cache 3" .TH aa_policy_cache 3 "2015-06-15" "AppArmor 2.10.95" "AppArmor" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" aa_policy_cache \- an opaque object representing an AppArmor policy cache .PP aa_policy_cache_new \- create a new aa_policy_cache object from a path .PP aa_policy_cache_ref \- increments the ref count of an aa_policy_cache object .PP aa_policy_cache_unref \- decrements the ref count and frees the aa_policy_cache object when 0 .PP aa_policy_cache_remove \- removes all policy cache files under a path .PP aa_policy_cache_replace_all \- performs a kernel policy replacement of all cached policies .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fB#include \fR .PP \&\fBtypedef struct aa_policy_cache aa_policy_cache;\fR .PP \&\fBint aa_policy_cache_new(aa_policy_cache **policy_cache, aa_features *kernel_features, int dirfd, const char *path, uint16_t max_caches);\fR .PP \&\fBaa_policy_cache *aa_policy_cache_ref(aa_policy_cache *policy_cache);\fR .PP \&\fBvoid aa_policy_cache_unref(aa_policy_cache *policy_cache);\fR .PP \&\fBint aa_policy_cache_remove(int dirfd, const char *path);\fR .PP \&\fBint aa_policy_cache_replace_all(aa_policy_cache *policy_cache, aa_kernel_interface *kernel_interface);\fR .PP Link with \fB\-lapparmor\fR when compiling. .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fIaa_policy_cache\fR object contains information about a set of AppArmor policy cache files. The policy cache files are the binary representation of a human-readable AppArmor profile. The binary representation is the form that is loaded into the kernel. .PP The \fIaa_policy_cache_new()\fR function creates an \fIaa_policy_cache\fR object based upon a directory file descriptor and path. The \fIpath\fR must point to a directory. See the \fIopenat\fR\|(2) man page for examples of \fIdirfd\fR and \fIpath\fR. If \&\fIkernel_features\fR is \s-1NULL,\s0 then the features of the current kernel are used. When specifying a valid \fIkernel_features\fR object, it must be the compatible with the features of the kernel of interest. The value of \fImax_caches\fR should be equal to the number of caches that should be allowed before old caches are automatically reaped. The definition of what is considered to be an old cache is private to libapparmor. Specifying 0 means that no new caches should be created and only existing, valid caches may be used. Specifying \s-1UINT16_MAX\s0 means that a new cache may be created and that the reaping of old caches is disabled. The allocated \fIaa_policy_cache\fR object must be freed using \&\fIaa_policy_cache_unref()\fR. .PP \&\fIaa_policy_cache_ref()\fR increments the reference count on the \fIpolicy_cache\fR object. .PP \&\fIaa_policy_cache_unref()\fR decrements the reference count on the \fIpolicy_cache\fR object and releases all corresponding resources when the reference count reaches zero. .PP The \fIaa_policy_cache_remove()\fR function deletes all of the policy cache files based upon a directory file descriptor and path. The \fIpath\fR must point to a directory. See the \fIopenat\fR\|(2) man page for examples of \fIdirfd\fR and \fIpath\fR. .PP The \fIaa_policy_cache_replace_all()\fR function can be used to perform a policy replacement of all of the cache policies in the cache directory represented by the \fIpolicy_cache\fR object. If \fIkernel_interface\fR is \s-1NULL,\s0 then the current kernel interface is used. When specifying a valid \fIkernel_interface\fR object, it must be the interface of the currently running kernel. .SH "RETURN VALUE" .IX Header "RETURN VALUE" The \fIaa_policy_cache_new()\fR function returns 0 on success and \fI*policy_cache\fR will point to an \fIaa_policy_cache\fR object that must be freed by \&\fIaa_policy_cache_unref()\fR. \-1 is returned on error, with errno set appropriately, and \fI*policy_cache\fR will be set to \s-1NULL.\s0 .PP \&\fIaa_policy_cache_ref()\fR returns the value of \fIpolicy_cache\fR. .PP \&\fIaa_policy_cache_remove()\fR and \fIaa_policy_cache_replace_all()\fR return 0 on success. \&\-1 is returned on error, with errno set appropriately. .SH "ERRORS" .IX Header "ERRORS" The errno value will be set according to the underlying error in the \&\fIaa_policy_cache\fR family of functions that return \-1 on error. .SH "NOTES" .IX Header "NOTES" All aa_policy_cache functions described above are present in libapparmor version 2.10 and newer. .SH "BUGS" .IX Header "BUGS" None known. If you find any, please report them at . .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIaa_features\fR\|(3), \fIaa_kernel_interface\fR\|(3), \fIopenat\fR\|(2) and .