mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
Code Issues Releases Wiki Activity

lsblk: allow access to PCI buses with hex chars

Browse Source 
This fixes the following error when a block device's PCI bus starts with
a non-decimal hex character and `lsblk /dev/nvme2n1` is executed:
```
audit: type=1400 audit(1751394406.516:554): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/pci0000:a0/0000:a0:01.1/0000:a1:00.0/nvme/nvme2/nvme2n1/" pid=164652 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```
I used hex4 and hex2 as it matches the example from
https://docs.kernel.org/PCI/sysfs-pci.html and also because lspci(8)
says:
> domains are numbered from 0 to ffff
>
> bus (0 to ff)

Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2111604
Signed-off-by: Louis Sautier <sautier.louis@gmail.com>
This commit is contained in:
Louis Sautier 2025-07-01 20:37:28 +02:00
parent 0f76632aec
commit f16dd60f14
No known key found for this signature in database
GPG Key ID: A777716B30AE82E3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/lsblk
View File

@ -23,7 +23,7 @@ profile lsblk /usr/bin/lsblk {
@{sys}/class/block/ r,
@{sys}/dev/block/ r,
@{sys}/devices/pci@{int}:@{int}/** r,
@{sys}/devices/pci@{hex4}:@{hex2}/** r,
@{sys}/devices/virtual/** r,
@{sys}/devices/platform/** r,