Bug ID | 1219335 |
---|---|
Summary | [AppArmor] AVC denials for zgrep |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | AppArmor |
Assignee | suse-beta@cboltz.de |
Reporter | antonio.feijoo@suse.com |
QA Contact | qa-bugs@suse.de |
CC | ddiss@suse.com |
Target Milestone | --- |
Found By | --- |
Blocker | --- |
Default Tumbleweed installation with AppArmor and kernel 6.8-rc1 from https://build.opensuse.org/package/show/Kernel:HEAD/kernel-default, getting AVC denials using `zgrep`. It does not happen with kernel 6.6.9-1-default.

> localhost:/home/dev # uname -r
> 6.8.0-rc1-4.gc619505-default
> localhost:/home/dev # dracut -f --stdlog 3 test.img
> /usr/bin/zgrep: line 210: /usr/bin/grep: Permission denied
> /usr/bin/zgrep: line 280: /usr/bin/gzip: Permission denied
> /usr/bin/zgrep: line 295: /usr/bin/grep: Permission denied
> /usr/bin/zgrep: line 210: /usr/bin/grep: Permission denied
> /usr/bin/zgrep: line 280: /usr/bin/gzip: Permission denied
> /usr/bin/zgrep: line 295: /usr/bin/grep: Permission denied
> localhost:/home/dev # zgrep CONFIG_BTRFS /proc/config.gz
> /bin/zgrep: line 210: /usr/bin/grep: Permission denied
> /bin/zgrep: line 280: /bin/gzip: Permission denied
> /bin/zgrep: line 295: /usr/bin/grep: Permission denied
> localhost:/home/dev # grep zgrep /var/log/audit/audit.log
> ...
> type=AVC msg=audit(1706603114.661:248): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7356 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.661:249): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7356 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.664:250): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=7360 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.664:251): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=7360 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.664:252): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7361 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.664:253): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7361 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.674:254): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7368 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.674:255): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7368 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.678:256): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=7372 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.678:257): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=7372 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.678:258): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7373 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603114.678:259): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7373 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603135.285:260): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=10315 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603135.285:261): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=10315 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603135.291:262): apparmor="DENIED" operation="capable" class="cap" profile="zgrep" pid=10317 comm="zgrep" capability=2 capname="dac_read_search"
> type=AVC msg=audit(1706603135.291:263): apparmor="DENIED" operation="capable" class="cap" profile="zgrep" pid=10317 comm="zgrep" capability=1 capname="dac_override"
> type=AVC msg=audit(1706603135.291:264): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=10319 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603135.291:265): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=10319 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603135.291:266): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=10320 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=AVC msg=audit(1706603135.291:267): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=10320 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
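
For triage, the repeated records above collapse to a handful of distinct denials. The following is an added example, not part of the original report or of AppArmor's own tooling: it parses AppArmor `type=AVC` records and counts them per profile, class, object and denied mask. The function names are hypothetical, and the sample lines are copied from the excerpt in this report.

```python
import re
from collections import Counter

# Five records copied from the audit.log excerpt in this report.
SAMPLE = '''\
type=AVC msg=audit(1706603114.661:248): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=7356 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1706603114.664:250): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/gzip" pid=7360 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1706603135.291:262): apparmor="DENIED" operation="capable" class="cap" profile="zgrep" pid=10317 comm="zgrep" capability=2 capname="dac_read_search"
type=AVC msg=audit(1706603135.291:263): apparmor="DENIED" operation="capable" class="cap" profile="zgrep" pid=10317 comm="zgrep" capability=1 capname="dac_override"
type=AVC msg=audit(1706603135.291:266): apparmor="DENIED" operation="open" class="file" profile="zgrep" name="/usr/bin/grep" pid=10320 comm="zgrep" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_avc(line):
    """Return the fields of one AppArmor DENIED record as a dict, else None."""
    if not line.startswith("type=AVC") or 'apparmor="DENIED"' not in line:
        return None
    rec = {}
    for key, quoted, bare in FIELD.findall(line):
        value = bare if bare else quoted
        # The audit subsystem hex-encodes names containing spaces or
        # control characters and logs them without quotes.
        if key == "name" and bare:
            try:
                value = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass  # not hex after all; keep the raw token
        rec[key] = value
    return rec

def summarize(text):
    """Count denials per (profile, class, object, denied_mask)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line.strip())
        if rec is None:
            continue
        # File denials name a path; capability denials name a capability.
        obj = rec.get("name") or rec.get("capname") or "?"
        counts[(rec.get("profile", "?"), rec.get("class", "?"),
                obj, rec.get("denied_mask", ""))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
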