feat: add the new shells variable to ensure support for all interactive shell.

Fix #269
2024-01-25 13:16:40 +00:00 · 2024-01-25 13:16:40 +00:00 · a30c2e5e85
commit a30c2e5e85
parent b376e9fade
13 changed files with 17 additions and 26 deletions
--- a/apparmor.d/profiles-s-z/su
+++ b/apparmor.d/profiles-s-z/su
@ -44,8 +44,7 @@ profile su @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,b,d,rb}ash  rUx,
-  @{bin}/{c,k,tc,z}sh  rUx,
+  @{bin}/@{shells}     rUx,

  @{bin}/nologin       rPx,

--- a/apparmor.d/profiles-s-z/sudo
+++ b/apparmor.d/profiles-s-z/sudo
@ -53,8 +53,7 @@ profile sudo @{exec_path} {
  @{exec_path} mr,
  @{lib}/sudo/** mr,

-  @{bin}/{,b,d,rb}ash               rUx,
-  @{bin}/{c,k,tc,z}sh               rUx,
+  @{bin}/@{shells}                 rUx,
  @{lib}/**                        rPUx,
  /opt/*/**                        rPUx,
  /snap/snapd/@{int}@{bin}/snap    rPUx,
--- a/apparmor.d/profiles-s-z/sulogin
+++ b/apparmor.d/profiles-s-z/sulogin
@ -16,8 +16,7 @@ profile sulogin @{exec_path} {
  @{exec_path} mr,

  # The shell is not confined on purpose.
-  @{bin}/{,b,d,rb}ash         rUx,
-  @{bin}/{c,k,tc,z}sh         rUx,
+  @{bin}/@{shells}     rUx,

  /etc/shadow r,

--- a/apparmor.d/profiles-s-z/terminator
+++ b/apparmor.d/profiles-s-z/terminator
@ -29,8 +29,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
  @{bin}/python3.@{int} rix,

  # The shell is not confined on purpose.
-  @{bin}/{,b,d,rb}ash         rUx,
-  @{bin}/{c,k,tc,z}sh         rUx,
+  @{bin}/@{shells}      rUx,

  owner @{user_config_dirs}/terminator/{,**} rw,