mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 06:45:38 +00:00
Code Issues Releases Wiki Activity

lsb_release: allow cat and cut

Browse Source 
lsb_release fails on Debian Sid:

```
$ sudo aa-exec -p lsb_release lsb_release
/usr/bin/lsb_release: 70: cut: Permission denied
/usr/bin/lsb_release: 70: cut: Permission denied
```

```
$ sudo aa-exec -p lsb_release lsb_release -h
/usr/bin/lsb_release: 11: cat: Permission denied
```

```
type=AVC msg=audit(1669540199.087:2680): apparmor="DENIED"
operation="exec" profile="lsb_release" name="/usr/bin/cut" pid=17419
comm="lsb_release" requested_mask="x" denied_mask="x" fsuid=0
ouid=0FSUID="root" OUID="root"
```

```
type=AVC msg=audit(1669540392.244:2944): apparmor="DENIED"
operation="exec" profile="lsb_release" name="/usr/bin/cat" pid=17847
comm="lsb_release" requested_mask="x" denied_mask="x" fsuid=0
ouid=0FSUID="root" OUID="root"
```

Update profile to allow lsb_release script to invoke required
executables.
This commit is contained in:
Vincas Dargis
2022-11-27 11:14:59 +02:00
parent 14e3709742
commit f596a17670
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
profiles/apparmor.d/lsb_release
View File

@@ -30,6 +30,8 @@ profile lsb_release {
/{usr/,}bin/dash ixr,
/usr/bin/basename ixr,
/usr/bin/dpkg-query ixr,
/usr/bin/cat ixr,
/usr/bin/cut ixr,
/usr/bin/getopt ixr,
/usr/bin/sed ixr,
/usr/bin/tr ixr,