tickets #113108: mx1: /usr/bin/xzegrep: line 219: /usr/bin/egrep: Permission denied - openSUSE admin - openSUSE Project Management Tool

Actions

tickets #113108

closed

mx1: /usr/bin/xzegrep: line 219: /usr/bin/egrep: Permission denied

Added by pjessen over 2 years ago. Updated over 1 year ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Upstream

Target version:

-

Start date:

2022-06-28

Due date:

% Done:

0%

Estimated time:

Description

This looks really odd:

mx1 (mx1.o.o):~ # xzegrep '.cfd' /var/log/mail-20220625.xz
/usr/bin/xzegrep: line 219: /usr/bin/egrep: Permission denied

Actions

#1

Updated by pjessen over 2 years ago

Category set to Upstream
Assignee set to cboltz
Private changed from Yes to No

Incomplete apparmor profile?

type=AVC msg=audit(1656407996.106:30455): apparmor="DENIED" operation="exec" profile="zgrep" name="/usr/bin/egrep" pid=4719 comm="xzegrep" requested_mask="x"
 denied_mask="x" fsuid=0 ouid=0
type=AVC msg=audit(1656407996.106:30456): apparmor="DENIED" operation="open" profile="zgrep" name="/usr/bin/egrep" pid=4719 comm="xzegrep" requested_mask="r"
 denied_mask="r" fsuid=0 ouid=0

Christian, I see you created that profile, /etc/apparmor.d/zgrep :-)

Actions

#2

Updated by cboltz over 2 years ago

Status changed from New to Resolved

Right, but it's part of the apparmor-profiles package, therefore bugzilla would have been the better place to report this ;-)

Anyway - fixed in multiple places:

upstream: https://gitlab.com/apparmor/apparmor/-/merge_requests/892
Tumbleweed: https://build.opensuse.org/request/show/985682
on mx1: profile manually updated to what I submitted upstream

Oh, and while looking at the grep manpage (on Tumbleweed), I accidently found http://bugzilla.opensuse.org/show_bug.cgi?id=1201001 ;-)

Unless you urgently need xzegrep on all our Leap servers, I'll wait a bit and possibly collect some more fixes before I submit an update for 15.4.

Actions

#3

Updated by pjessen over 2 years ago

cboltz wrote:

Right, but it's part of the apparmor-profiles package, therefore bugzilla would have been the better place to report this ;-)

Agree, but I was too lazy ....

Unless you urgently need xzegrep on all our Leap servers, I'll wait a bit and possibly collect some more fixes before I submit an update for 15.4.

Oh absolutely, I can manage without :-)

Actions

#4

Updated by pjessen_invalid over 1 year ago

cboltz wrote in #note-2:

Right, but it's part of the apparmor-profiles package, therefore bugzilla would have been the better place to report this ;-)

Better late than never: https://bugzilla.opensuse.org/show_bug.cgi?id=1214458

Actions

Also available in: Atom PDF