mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity

zgrep: allow executing egrep and fgrep

Browse Source 
egrep and fgrep also need to execute grep and write to /dev/tty in the
helper child profile.

Fixes: https://progress.opensuse.org/issues/113108
This commit is contained in:
Christian Boltz
2022-06-28 23:20:10 +02:00
parent 08da556e4e
commit df37c299e1
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
profiles/apparmor.d/zgrep
View File

@@ -20,7 +20,9 @@ profile zgrep /usr/bin/{x,}zgrep {
/usr/bin/{ba,da,}sh ix,
/usr/bin/bzip2 Cx -> helper,
/usr/bin/cat ix,
/usr/bin/egrep Cx -> helper,
/usr/bin/expr ix,
/usr/bin/fgrep Cx -> helper,
/usr/bin/grep Cx -> helper,
/usr/bin/gzip Cx -> helper,
/usr/bin/mktemp ix,
@@ -41,9 +43,11 @@ profile zgrep /usr/bin/{x,}zgrep {
capability dac_override,
capability dac_read_search,
/dev/tty w,
/usr/bin/{ba,da,}sh ix,
/usr/bin/bzip2 mr,
/usr/bin/grep mr,
/usr/bin/grep mrix,
/usr/bin/gzip mr,
/usr/bin/xz mr,
/usr/bin/zstd mr,