felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): add pgrep.

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-07 00:37:07 +02:00
parent c85ed58fa9
commit e6939f4968
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 41 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
apparmor.d/groups/procps/pgrep Normal file
View file

@ -0,0 +1,22 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/pgrep
profile pgrep @{exec_path} {
include <abstractions/base>
include <abstractions/app/pgrep>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@{PROC}/tty/drivers r,
include if exists <local/pgrep>
}
# vim:syntax=apparmor

19
tests/integration/procps/pgrep.bats Normal file
View file

@ -0,0 +1,19 @@
#!/usr/bin/env bats
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
load ../common
@test "pgrep: Return PIDs of any running processes with a matching command string" {
pgrep systemd
}
@test "pgrep: Search for processes including their command-line options" {
pgrep --full 'systemd'
}
@test "pgrep: Search for processes run by a specific user" {
pgrep --euid root systemd-udevd
}