From 0789b32d697beb554b35690b34c1b5787ce8e3b67dc14af6a0d71a8158699efd Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Tue, 28 Jun 2022 22:06:37 +0000 Subject: [PATCH] Accepting request 985681 from home:cboltz - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) OBS-URL: https://build.opensuse.org/request/show/985681 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=338 --- apparmor.changes | 6 ++++++ apparmor.spec | 3 ++- zgrep-profile-mr870.diff | 17 +++++++++++------ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/apparmor.changes b/apparmor.changes index 1d2cf51..d5bde88 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jun 28 21:34:26 UTC 2022 - Christian Boltz + +- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep + (poo#113108) + ------------------------------------------------------------------- Sun May 15 18:59:47 UTC 2022 - Christian Boltz diff --git a/apparmor.spec b/apparmor.spec index ec291cb..52eb238 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -88,7 +88,8 @@ Patch7: update-samba-bgqd.diff # merged upstream (2.12..master) 2022-03-13 https://gitlab.com/apparmor/apparmor/-/merge_requests/862 Patch8: update-usr-sbin-smbd.diff -# add zgrep and xzgrep profile (merged upstream 2022-04-12 https://gitlab.com/apparmor/apparmor/-/merge_requests/870 + 2022-04-18 https://gitlab.com/apparmor/apparmor/-/merge_requests/873 - master only) +# add zgrep and xzgrep profile (merged upstream 2022-04-12 https://gitlab.com/apparmor/apparmor/-/merge_requests/870 + merged upstream 2022-04-18 https://gitlab.com/apparmor/apparmor/-/merge_requests/873 +# + 2022-06-28 https://gitlab.com/apparmor/apparmor/-/merge_requests/892 - master only) Patch9: zgrep-profile-mr870.diff # squash noisy setsockopt calls - merged upstream master+3.0 2022-04-12 https://gitlab.com/apparmor/apparmor/-/merge_requests/867 diff --git a/zgrep-profile-mr870.diff b/zgrep-profile-mr870.diff index 71c42cf..2c63657 100644 --- a/zgrep-profile-mr870.diff +++ b/zgrep-profile-mr870.diff @@ -1,4 +1,5 @@ [Extended to include the fix from https://gitlab.com/apparmor/apparmor/-/merge_requests/873] +[Extended to include the fix from https://gitlab.com/apparmor/apparmor/-/merge_requests/892] From 3a3b49ccd93d00cbc373319b90c6acecdd6f45fa Mon Sep 17 00:00:00 2001 @@ -17,10 +18,10 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep =================================================================== --- /dev/null +++ apparmor-3.0.4/profiles/apparmor.d/zgrep -@@ -0,0 +1,62 @@ +@@ -0,0 +1,66 @@ +# ------------------------------------------------------------------ +# -+# Copyright (C) 2021 Christian Boltz ++# Copyright (C) 2022 Christian Boltz +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public @@ -37,10 +38,12 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep + include + + /dev/tty rw, -+ /usr/bin/bash ix, ++ /usr/bin/{ba,da,}sh ix, + /usr/bin/bzip2 Cx -> helper, + /usr/bin/cat ix, ++ /usr/bin/egrep Cx -> helper, + /usr/bin/expr ix, ++ /usr/bin/fgrep Cx -> helper, + /usr/bin/grep Cx -> helper, + /usr/bin/gzip Cx -> helper, + /usr/bin/mktemp ix, @@ -61,9 +64,11 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep + capability dac_override, + capability dac_read_search, + -+ /usr/bin/bash ix, ++ /dev/tty w, ++ ++ /usr/bin/{ba,da,}sh ix, + /usr/bin/bzip2 mr, -+ /usr/bin/grep mr, ++ /usr/bin/grep mrix, + /usr/bin/gzip mr, + /usr/bin/xz mr, + /usr/bin/zstd mr, @@ -75,7 +80,7 @@ Index: apparmor-3.0.4/profiles/apparmor.d/zgrep + include + + /dev/tty rw, -+ /usr/bin/bash ix, ++ /usr/bin/{ba,da,}sh ix, + /usr/bin/sed mr, + + }