Accepting request 985681 from home:cboltz

- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) OBS-URL: https://build.opensuse.org/request/show/985681 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=338
2022-06-28 22:06:37 +00:00 · 2022-06-28 22:06:37 +00:00 · 0789b32d69
commit 0789b32d69
parent e26436faab
3 changed files with 19 additions and 7 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jun 28 21:34:26 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
+
+- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
+  (poo#113108)
+
 -------------------------------------------------------------------
 Sun May 15 18:59:47 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -88,7 +88,8 @@ Patch7:         update-samba-bgqd.diff
 # merged upstream (2.12..master) 2022-03-13 https://gitlab.com/apparmor/apparmor/-/merge_requests/862
 Patch8:         update-usr-sbin-smbd.diff

-# add zgrep and xzgrep profile (merged upstream 2022-04-12 https://gitlab.com/apparmor/apparmor/-/merge_requests/870 + 2022-04-18 https://gitlab.com/apparmor/apparmor/-/merge_requests/873 - master only)
+# add zgrep and xzgrep profile (merged upstream 2022-04-12 https://gitlab.com/apparmor/apparmor/-/merge_requests/870 + merged upstream 2022-04-18 https://gitlab.com/apparmor/apparmor/-/merge_requests/873
+#                               + 2022-06-28 https://gitlab.com/apparmor/apparmor/-/merge_requests/892 - master only)
 Patch9:         zgrep-profile-mr870.diff

 # squash noisy setsockopt calls - merged upstream master+3.0 2022-04-12 https://gitlab.com/apparmor/apparmor/-/merge_requests/867
--- a/zgrep-profile-mr870.diff
+++ b/zgrep-profile-mr870.diff
@ -1,4 +1,5 @@
 [Extended to include the fix from https://gitlab.com/apparmor/apparmor/-/merge_requests/873]
+[Extended to include the fix from https://gitlab.com/apparmor/apparmor/-/merge_requests/892]


 From 3a3b49ccd93d00cbc373319b90c6acecdd6f45fa Mon Sep 17 00:00:00 2001
@ -17,10 +18,10 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep
 ===================================================================
 --- /dev/null
 +++ apparmor-3.0.4/profiles/apparmor.d/zgrep
-@@ -0,0 +1,62 @@
+@@ -0,0 +1,66 @@
 +# ------------------------------------------------------------------
 +#
-+#    Copyright (C) 2021 Christian Boltz
+#    Copyright (C) 2022 Christian Boltz
 +#
 +#    This program is free software; you can redistribute it and/or
 +#    modify it under the terms of version 2 of the GNU General Public
@ -37,10 +38,12 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep
 +  include <abstractions/bash>
 +
 +  /dev/tty rw,
-+  /usr/bin/bash ix,
+  /usr/bin/{ba,da,}sh ix,
 +  /usr/bin/bzip2 Cx -> helper,
 +  /usr/bin/cat ix,
+  /usr/bin/egrep Cx -> helper,
 +  /usr/bin/expr ix,
+  /usr/bin/fgrep Cx -> helper,
 +  /usr/bin/grep Cx -> helper,
 +  /usr/bin/gzip Cx -> helper,
 +  /usr/bin/mktemp ix,
@ -61,9 +64,11 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep
 +    capability dac_override,
 +    capability dac_read_search,
 +
-+    /usr/bin/bash ix,
+    /dev/tty w,
+
+    /usr/bin/{ba,da,}sh ix,
 +    /usr/bin/bzip2 mr,
-+    /usr/bin/grep mr,
+    /usr/bin/grep mrix,
 +    /usr/bin/gzip mr,
 +    /usr/bin/xz mr,
 +    /usr/bin/zstd mr,
@ -75,7 +80,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep
 +    include <abstractions/base>
 +
 +    /dev/tty rw,
-+    /usr/bin/bash ix,
+    /usr/bin/{ba,da,}sh ix,
 +    /usr/bin/sed mr,
 +
 +  }