From c45ce5502e93e51c3cf4349d64e773561410d146 Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Mon, 17 Feb 2025 16:16:29 -0800 Subject: [PATCH 1/2] Add terminfo abstraction with terminfo paths searched by ncurses Signed-off-by: Ryan Lee --- profiles/apparmor.d/abstractions/terminfo | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 profiles/apparmor.d/abstractions/terminfo diff --git a/profiles/apparmor.d/abstractions/terminfo b/profiles/apparmor.d/abstractions/terminfo new file mode 100644 index 000000000..c3391a02a --- /dev/null +++ b/profiles/apparmor.d/abstractions/terminfo @@ -0,0 +1,10 @@ + abi , + + # Default hardcoded locations searched by ncurses for terminfo + @{HOME}/.terminfo/** r, + /etc/terminfo/** r, + /{usr/,}lib/terminfo/** r, + /usr/share/terminfo/** r, + + # Local overrides for systems with TERMINFO env vars, etc. + include if exists From 1b87b7be5e07d3bf456511ae7b9597cb4b2925ab Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Mon, 17 Feb 2025 16:23:07 -0800 Subject: [PATCH 2/2] Replace terminfo lines in profiles with the terminfo abstraction Signed-off-by: Ryan Lee --- profiles/apparmor.d/alsamixer | 4 ++-- profiles/apparmor.d/lsb_release | 2 +- profiles/apparmor.d/tnftp | 7 ++----- profiles/apparmor/profiles/extras/usr.lib.man-db.man | 2 +- 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/profiles/apparmor.d/alsamixer b/profiles/apparmor.d/alsamixer index 24ac4e610..4d3d8146f 100644 --- a/profiles/apparmor.d/alsamixer +++ b/profiles/apparmor.d/alsamixer @@ -6,9 +6,9 @@ profile alsamixer /{usr,}/bin/alsamixer { include include include - include + include - /usr/share/terminfo/** r, + include @{sys}/devices/virtual/dmi/id/sys_vendor r, diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release index a3285bbe7..3f4091804 100644 --- a/profiles/apparmor.d/lsb_release +++ b/profiles/apparmor.d/lsb_release @@ -12,6 +12,7 @@ include profile lsb_release { include include + include owner @{PROC}/@{pid}/fd/ r, 
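Review bot: The `@{HOME}/.terminfo/** r,` rule in the new profiles/apparmor.d/abstractions/terminfo hunk carries no `owner` qualifier, so every profile that includes this abstraction may read terminfo entries under any home directory matched by `@{HOME}`, limited only by file permissions. Consider `owner @{HOME}/.terminfo/** r,`, or, if a confined program is expected to run under a different uid than the directory's owner (for example with HOME preserved across a privilege change), add a comment saying why the rule is left unowned. The abstraction also grants three more trees than the single `/usr/share/terminfo/** r,` rule it replaces in the alsamixer, lsb_release, tnftp and man-db hunks of the second patch. The commit message of that patch should say that each converted profile is widened, not only refactored.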
@@ -43,7 +44,6 @@ profile lsb_release { /usr/include/python*/pyconfig.h r, /usr/share/distro-info/** r, /usr/share/dpkg/** r, - /usr/share/terminfo/** r, /var/lib/dpkg/** r, # file_inherit diff --git a/profiles/apparmor.d/tnftp b/profiles/apparmor.d/tnftp index 73a938de2..b62a5aea8 100644 --- a/profiles/apparmor.d/tnftp +++ b/profiles/apparmor.d/tnftp @@ -21,6 +21,7 @@ profile tnftp /usr/bin/tnftp { include include include + include include include include @@ -28,9 +29,6 @@ profile tnftp /usr/bin/tnftp { network inet stream, network inet6 stream, - # readline wants to know terminal capabilities - file r /usr/share/terminfo/**, - # required for the pager (less, more) to work file Cx /usr/bin/dash, @@ -52,11 +50,10 @@ profile tnftp /usr/bin/tnftp { # Defined as sub profile of tnftp for backwards compatibility. profile dash//more { include + include network (send, receive) inet stream, network (send, receive) inet6 stream, - # readline wants to know terminal capabilities - file r /usr/share/terminfo/**, file mr /usr/bin/more, } diff --git a/profiles/apparmor/profiles/extras/usr.lib.man-db.man b/profiles/apparmor/profiles/extras/usr.lib.man-db.man index 5b099be2e..4814e731f 100644 --- a/profiles/apparmor/profiles/extras/usr.lib.man-db.man +++ b/profiles/apparmor/profiles/extras/usr.lib.man-db.man @@ -17,6 +17,7 @@ include include include include + include include /{usr/,}bin/bash rmix, @@ -61,7 +62,6 @@ include /usr/share/locale-bundle/** r, /usr/share/man/ r, /usr/share/man/** r, - /usr/share/terminfo/** r, /usr/share/texmf/teTeX/man/** r, /usr/share/postgresql/*/man/** rk,
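Review bot: In the profiles/apparmor.d/tnftp hunks at -28,9 and -52,11 the comment `# readline wants to know terminal capabilities` is deleted together with the `file r /usr/share/terminfo/**,` rule, so the profile no longer records why terminal data is readable. Keep that comment on the line above the abstraction include added in the -21,6 hunk, and likewise above the include added to the `dash//more` subprofile. Since both profiles also hold `network ... inet stream` rules, a reader auditing their file access benefits from seeing the reason next to the grant.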