mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
f1b4da2f64
Begin preparing policy for the 4.0 release. This may result in new denials. This is expected and needed to make sure policy is ready for the 4.0 release. Signed-off-by: John Johansen <john.johansen@canonical.com>
66 lines
1.4 KiB
Text
66 lines
1.4 KiB
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2022 Christian Boltz
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
|
|
abi <abi/4.0>,
|
|
|
|
include <tunables/global>
|
|
|
|
profile zgrep /usr/bin/{x,}zgrep {
|
|
include <abstractions/base>
|
|
include <abstractions/bash>
|
|
|
|
/dev/tty rw,
|
|
/usr/bin/{ba,da,}sh ix,
|
|
/usr/bin/bzip2 Cx -> helper,
|
|
/usr/bin/cat ix,
|
|
/usr/bin/egrep Cx -> helper,
|
|
/usr/bin/expr ix,
|
|
/usr/bin/fgrep Cx -> helper,
|
|
/usr/bin/grep Cx -> helper,
|
|
/usr/bin/gzip Cx -> helper,
|
|
/usr/bin/mktemp ix,
|
|
/usr/bin/rm ix,
|
|
/usr/bin/sed Cx -> sed,
|
|
/usr/bin/xz Cx -> helper,
|
|
/usr/bin/xzgrep r,
|
|
/usr/bin/zgrep Cx -> helper,
|
|
/usr/bin/zstd Cx -> helper,
|
|
owner /tmp/zgrep* rw,
|
|
/usr/bin/zgrep r,
|
|
|
|
include if exists <local/zgrep>
|
|
|
|
profile helper {
|
|
include <abstractions/base>
|
|
|
|
capability dac_override,
|
|
capability dac_read_search,
|
|
|
|
/dev/tty w,
|
|
|
|
/usr/bin/{ba,da,}sh ix,
|
|
/usr/bin/bzip2 mr,
|
|
/usr/bin/grep mrix,
|
|
/usr/bin/gzip mr,
|
|
/usr/bin/xz mr,
|
|
/usr/bin/zstd mr,
|
|
/{,**} r,
|
|
|
|
}
|
|
|
|
profile sed {
|
|
include <abstractions/base>
|
|
|
|
/dev/tty rw,
|
|
/usr/bin/{ba,da,}sh ix,
|
|
/usr/bin/sed mr,
|
|
|
|
}
|
|
}
|