From 65386321c20025f4f864049424a87db60c101e46 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 29 Feb 2024 23:14:01 +0000
Subject: [PATCH] feat(aa-log): update shell paths.

---
 pkg/aa/template.go | 1 +
 pkg/logs/logs.go   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/aa/template.go b/pkg/aa/template.go
index 616969fda..b56002865 100644
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@@ -71,6 +71,7 @@ var (
 	// The order the apparmor file rules should be sorted
 	fileAlphabet = []string{
 		"@{exec_path}",        // 1. entry point
+		"@{sh_path}",          // 2.1 shells
 		"@{bin}",              // 2.1 binaries
 		"@{lib}",              // 2.2 libraries
 		"/opt",                // 2.3 opt binaries & libraries
diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go
index 8aa4bf51f..974137c15 100644
--- a/pkg/logs/logs.go
+++ b/pkg/logs/logs.go
@@ -63,7 +63,7 @@ var (
 
 		// Some system glob
 		`:1.[0-9]*`, `:*`, // dbus peer name
-		`@{bin}/(|ba|da)sh`, `@{bin}/{,ba,da}sh`, // collect all shell
+		`@{bin}/(|ba|da)sh`, `@{sh_path}`, // collect all shell
 		`@{lib}/modules/[^/]+\/`, `@{lib}/modules/*/`, // strip kernel version numbers from kernel module accesses
 		`[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][-_][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]`, `@{uuid}`,
 		`[0-9][0-9][0-9][0-9][0-9][0-9]+`, `@{int}`,