From df37c299e159280766be8da92ee05edc9449ce55 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Tue, 28 Jun 2022 23:20:10 +0200
Subject: [PATCH] zgrep: allow executing egrep and fgrep

egrep and fgrep also need to execute grep and write to /dev/tty in the
helper child profile.

Fixes: https://progress.opensuse.org/issues/113108
---
 profiles/apparmor.d/zgrep | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/zgrep b/profiles/apparmor.d/zgrep
index 702d1468c..ed342b20d 100644
--- a/profiles/apparmor.d/zgrep
+++ b/profiles/apparmor.d/zgrep
@@ -20,7 +20,9 @@ profile zgrep /usr/bin/{x,}zgrep {
   /usr/bin/{ba,da,}sh ix,
   /usr/bin/bzip2 Cx -> helper,
   /usr/bin/cat ix,
+  /usr/bin/egrep Cx -> helper,
   /usr/bin/expr ix,
+  /usr/bin/fgrep Cx -> helper,
   /usr/bin/grep Cx -> helper,
   /usr/bin/gzip Cx -> helper,
   /usr/bin/mktemp ix,
@@ -41,9 +43,11 @@ profile zgrep /usr/bin/{x,}zgrep {
     capability dac_override,
     capability dac_read_search,
 
+    /dev/tty w,
+
     /usr/bin/{ba,da,}sh ix,
     /usr/bin/bzip2 mr,
-    /usr/bin/grep mr,
+    /usr/bin/grep mrix,
     /usr/bin/gzip mr,
     /usr/bin/xz mr,
     /usr/bin/zstd mr,