Bug 1198531 - AppArmor profile for zgrep is incomplete
AppArmor profile for zgrep is incomplete
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: AppArmor
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Christian Boltz
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-04-16 05:13 UTC by Achim Gratz
Modified: 2022-04-21 10:35 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Achim Gratz 2022-04-16 05:13:30 UTC
Option processing in zgrep stopped working since the AppArmor profile does not allow /usr/bin/expr to be executed:

~> zgrep -ah . /dev/null
/usr/bin/zgrep: line 69: /usr/bin/expr: Permission denied
/usr/bin/zgrep: eval: line 70: unexpected EOF while looking for matching `''
/usr/bin/zgrep: eval: line 71: syntax error: unexpected end of file
/usr/bin/zgrep: line 71: /usr/bin/expr: Permission denied
/usr/bin/grep: .: Is a directory

The following patch fixes the problem (after reloading the profile of course):

--- /etc/apparmor.d/zgrep
+++ #<buffer zgrep>
@@ -20,6 +20,7 @@
   /usr/bin/bash ix,
   /usr/bin/bzip2 Cx -> helper,
   /usr/bin/cat ix,
+  /usr/bin/expr ix,
   /usr/bin/grep Cx -> helper,
   /usr/bin/gzip Cx -> helper,
   /usr/bin/mktemp ix,
Comment 1 Christian Boltz 2022-04-16 20:42:22 UTC
Thanks for the report!

Fix submitted to Tumbleweed in SR 970466, and upstream as
https://gitlab.com/apparmor/apparmor/-/merge_requests/873
Comment 2 OBSbugzilla Bot 2022-04-16 22:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1198531) was mentioned in
https://build.opensuse.org/request/show/970466 Factory / apparmor