On Tue, Aug 4, 2020 at 12:14 PM Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> On Mon, 2020-08-03 at 21:33 -0400, Paul Moore wrote:

...

> > +*rule_name*
> > +
> > +The applicable *allowxperm*, *dontauditxperm*, *auditallowxperm*
> > +or *neverallowxperm* rule keyword.
> > +
> > +*source_type*
> > +
> > +One or more source / target *type*, *typealias* or *attribute*
> > identifiers.
> > +Multiple entries consist of a space separated list enclosed in
> > braces \'{}\'.
> > +Entries can be excluded from the list by using the negative operator
> > \'-\'.
> > +
> > +*target_type*
> > +
> > +The target_type can have the *self* keyword instead of *type*,
> > *typealias* or
> > +*attribute* identifiers. This means that the *target_type* is the
> > same as the
> > +*source_type*.
> > +
> > +*class*
> > +
> > +One or more object classes. Multiple entries consist of a space
> > separated list
> > +enclosed in braces \'{}\'.
>
> I've had a rethink on this and wonder if it would be clearer if the
> descriptions were a bullet list:
>
> *class*
>
> - One or more object classes. Multiple ...

Ooops. I forgot about this comment in my inbox when I merged the
patchset; although I guess even if we go with the bulleted list having
the table in markdown first should make this easier. I guess we could
give it a try and see how it looks? My only concern is that sometimes
a list with only one item can look a bit "off". Or am I
misunderstanding what you are proposing?

-- 
paul moore
www.paul-moore.com
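
Review bot: In the quoted hunk, the *source_type* entry is worded as "One or more source / target ... identifiers", so it documents both fields under one heading, while the *target_type* entry that follows covers only the *self* keyword and never states that a braced list or the '-' exclusion operator applies there. Consider wording *source_type* for the source only and either repeating the list and exclusion syntax under *target_type* or referring back to it explicitly, so each entry can be read on its own whichever layout (plain paragraphs or bullets) is chosen.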