zgrep: allow reading /etc/nsswitch.conf and /etc/passwd

Seen on various VMs, my guess is that bash wants to translate a uid to a
username.

Log events (slightly shortened)

apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/etc/nsswitch.conf" comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/etc/passwd" comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Christian Boltz 2024-10-06 11:05:52 +02:00
parent bb460ba467
commit 68d42c3e37

@ -17,6 +17,8 @@ profile zgrep /usr/bin/{x,}zgrep {
include <abstractions/bash>
/dev/tty rw,
@{etc_ro}/nsswitch.conf r,
/etc/passwd r,
/usr/bin/{ba,da,}sh ix,
/usr/bin/bzip2 Cx -> helper,
/usr/bin/cat ix,
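
Review bot: The two added rules use different path styles: `@{etc_ro}/nsswitch.conf r,` goes through the variable while `/etc/passwd r,` is hard-coded. If that is deliberate, a short comment above the pair saying so, and noting that they exist for the uid-to-username lookup the commit message guesses at, would keep the reason next to the rules. Otherwise write the second one as `@{etc_ro}/passwd r,` so both follow the same convention.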