On Ubuntu and Debian, by default /bin/sh is a symlink to /bin/dash. When
autodep'ing a shell script, the bash abstraction was not being included.
Arguably, there ought to be a separate 'sh' abstraction that the bash
abstraction would include, that contains the common elements to shells
that are derived from the original Bourne shell.
---
utils/Immunix/AppArmor.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: b/utils/Immunix/AppArmor.pm
===================================================================
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -776,7 +776,7 @@ sub create_new_profile($) {
$profile->{$fqdbin}{allow}{path}->{$interpreter}{audit} |= 0;
if ($interpreter =~ /perl/) {
$profile->{$fqdbin}{include}->{"abstractions/perl"} = 1;
- } elsif ($interpreter =~ m/\/bin\/(bash|sh)/) {
+ } elsif ($interpreter =~ m/\/bin\/(bash|dash|sh)/) {
$profile->{$fqdbin}{include}->{"abstractions/bash"} = 1;
} elsif ($interpreter =~ m/python/) {
$profile->{$fqdbin}{include}->{"abstractions/python"} = 1;
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
