apparmor

mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 01:11:00 +01:00

History

Christian Boltz 4244737f65 Merge lsb_release: allow cat and cut lsb_release fails on Debian Sid: ``` $ sudo aa-exec -p lsb_release lsb_release /usr/bin/lsb_release: 70: cut: Permission denied /usr/bin/lsb_release: 70: cut: Permission denied ``` ``` $ sudo aa-exec -p lsb_release lsb_release -h /usr/bin/lsb_release: 11: cat: Permission denied ``` ``` type=AVC msg=audit(1669540199.087:2680): apparmor="DENIED" operation="exec" profile="lsb_release" name="/usr/bin/cut" pid=17419 comm="lsb_release" requested_mask="x" denied_mask="x" fsuid=0 ouid=0FSUID="root" OUID="root" ``` ``` type=AVC msg=audit(1669540392.244:2944): apparmor="DENIED" operation="exec" profile="lsb_release" name="/usr/bin/cat" pid=17847 comm="lsb_release" requested_mask="x" denied_mask="x" fsuid=0 ouid=0FSUID="root" OUID="root" ``` Update profile to allow lsb_release script to invoke required executables. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/953 Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de> (cherry picked from commit `495f68c797`) `f596a176` lsb_release: allow cat and cut		2022-11-27 13:00:19 +00:00
..
abi	policy: Provide example and base abi to pin pre 3.0 policy	2020-08-28 12:57:00 -07:00
abstractions	Allow access to possible cpus for glibc-2.36	2022-11-14 21:47:18 -08:00
apache2.d	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
local	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
tunables	Define @{HOMEDIRS} before using it in @{HOME}	2022-01-05 21:00:50 +01:00
bin.ping	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
lsb_release	Merge lsb_release: allow cat and cut	2022-11-27 13:00:19 +00:00
nvidia_modprobe	nvidia_modprobe: allow creating /dev/nvidia-modeset	2020-09-03 18:20:33 +03:00
php-fpm	Merge profiles: permit php-fpm pid files directly under run/	2022-08-26 10:36:11 +00:00
samba-bgqd	Merge profiles/apparmor.d: Update samba profile	2022-10-01 10:20:32 +00:00
samba-dcerpcd	Merge profiles/apparmor.d: Update samba profile	2022-10-01 10:20:32 +00:00
samba-rpcd	Merge profiles/apparmor.d: Update samba profile	2022-10-01 10:20:32 +00:00
samba-rpcd-classic	Merge profiles/apparmor.d: Update samba profile	2022-10-01 10:20:32 +00:00
samba-rpcd-spoolss	Merge samba-rpcd-spoolss: allow mkdir /var/cache/samba/printing/	2022-10-27 22:34:12 +00:00
sbin.klogd	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
sbin.syslog-ng	Merge syslog-ng: allow reading *.journal in flatter directory structure	2022-10-28 05:56:57 -07:00
sbin.syslogd	Update syslogd for inetutils-syslogd	2022-06-25 21:15:51 +02:00
usr.lib.apache2.mpm-prefork.apache2	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.lib.dovecot.anvil	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.auth	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.config	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.deliver	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.dict	Merge Dovecot profile updates	2020-06-12 21:23:22 +00:00
usr.lib.dovecot.director	profiles: Add 3 more dovecot services	2020-10-07 20:26:01 +02:00
usr.lib.dovecot.doveadm-server	profiles: Add 3 more dovecot services	2020-10-07 20:26:01 +02:00
usr.lib.dovecot.dovecot-auth	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.dovecot-lda	profiles: Add a hosts_access abstraction	2020-09-01 19:39:59 -07:00
usr.lib.dovecot.imap	Add missing permissions for dovecot-{imap,lmtp,pop3}	2022-05-15 20:53:35 +02:00
usr.lib.dovecot.imap-login	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.lmtp	Add missing permissions for dovecot-{imap,lmtp,pop3}	2022-05-15 20:53:35 +02:00
usr.lib.dovecot.log	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.managesieve	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.managesieve-login	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.pop3	Add missing permissions for dovecot-{imap,lmtp,pop3}	2022-05-15 20:53:35 +02:00
usr.lib.dovecot.pop3-login	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.replicator	profiles: Add 3 more dovecot services	2020-10-07 20:26:01 +02:00
usr.lib.dovecot.script-login	Add dovecot-script-login profile	2020-09-27 16:26:28 +02:00
usr.lib.dovecot.ssl-params	add profile names to dovecot profiles	2020-06-11 12:57:53 +02:00
usr.lib.dovecot.stats	allow Prometheus metrics end-point in dovecot/stats	2021-07-19 22:36:28 +02:00
usr.sbin.apache2	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.sbin.avahi-daemon	Add missing /proc permissions to avahi-daemon profile	2021-10-26 13:54:51 +02:00
usr.sbin.dnsmasq	Merge Allow reading /sys/devices/system/cpu/possible	2022-11-08 18:11:23 +00:00
usr.sbin.dovecot	Allow dovecot to use all signals	2022-03-23 14:27:13 +01:00
usr.sbin.identd	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.sbin.mdnsd	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.sbin.nmbd	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.sbin.nscd	Fix nscd conflict with systemd-homed	2021-02-11 22:53:07 -08:00
usr.sbin.ntpd	usr.sbin.ntpd: add abstractions/ssl_certs	2021-01-28 08:50:25 +02:00
usr.sbin.smbd	samba profiles: support paths used by Arch Linux	2022-06-06 11:57:14 +03:00
usr.sbin.smbldap-useradd	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.sbin.traceroute	Change `#include` to `include` in active profiles	2020-06-09 23:30:24 +02:00
usr.sbin.winbindd	samba profiles: support paths used by Arch Linux	2022-06-06 11:57:14 +03:00
zgrep	zgrep: allow executing egrep and fgrep	2022-06-28 23:27:10 +02:00