mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00
Code Issues Releases Wiki Activity

zgrep: allow reading /etc/nsswitch.conf and /etc/passwd

Browse Source 
Seen on various VMs, my guess is that bash wants to translate a uid to a
username.

Log events (slightly shortened)

apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/etc/nsswitch.conf" comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/etc/passwd" comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
This commit is contained in:
Christian Boltz 2024-10-06 11:05:52 +02:00
parent bb460ba467
commit 68d42c3e37
No known key found for this signature in database
GPG Key ID: C6A682EA63C82F1C
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/zgrep
View File

@ -17,6 +17,8 @@ profile zgrep /usr/bin/{x,}zgrep {
include <abstractions/bash>
/dev/tty rw,
@{etc_ro}/nsswitch.conf r,
/etc/passwd r,
/usr/bin/{ba,da,}sh ix,
/usr/bin/bzip2 Cx -> helper,
/usr/bin/cat ix,