Bug 1214458

Summary: /usr/bin/xzegrep: line 219: /usr/bin/egrep: Permission denied
Product: [openSUSE] openSUSE Distribution Reporter: Per Jessen <per>
Component: AppArmorAssignee: Christian Boltz <suse-beta>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: ddiss, rgoldwyn, suse-beta
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: zgrep profile update

Description Per Jessen 2023-08-22 08:21:05 UTC 
Doing a simple xzegrep - 

# xzegrep 'GET /release/[0-9A-F]+' vhost_access_log ...[snip]
/usr/bin/xzegrep: line 219: /usr/bin/egrep: Permission denied

See also https://progress.opensuse.org/issues/113108
Comment 1 Christian Boltz 2023-08-29 17:08:12 UTC 
Right, that profile fix didn't reach Leap yet.

Goldwyn, I'd recommend to upgrade 15.5 to the latest 3.0.x (3.0.12) so that we get all the fixes, and not only the updated zgrep profile.

(Updating only the zgrep profile would also work to fix this bug, but would leave quite some other bugs unfixed. Note that these other bugs were typically filed upstream (as bug or MR), so please have a look at the upstream changelog for all the details.)

Shall I submit an update for 15.5, or do you want to handle it?
Comment 2 Goldwyn Rodrigues 2023-08-30 12:42:20 UTC 
Passing the buck to David ;)

Upgrading from 3.0.4 to 3.0.12 (135 changes) is a big jump. The changes are quite a lot that do not justify a single fix. I would have been comfortable if the number of changes were smaller.
Comment 3 David Disseldorp 2023-08-30 13:05:10 UTC 
(In reply to Goldwyn Rodrigues from comment #2)
> Passing the buck to David ;)
> 
> Upgrading from 3.0.4 to 3.0.12 (135 changes) is a big jump. The changes are
> quite a lot that do not justify a single fix. I would have been comfortable
> if the number of changes were smaller.

It does sounds like a big leap. I need to fully review the delta between both, but from a quick glance, the profiles/** changes (my biggest regressions concern) look pretty non-intrusive.
Comment 4 David Disseldorp 2023-09-05 22:43:47 UTC 
Created attachment 869300 [details]
zgrep profile update

(In reply to David Disseldorp from comment #3)
...
> It does sounds like a big leap. I need to fully review the delta between
> both, but from a quick glance, the profiles/** changes (my biggest
> regressions concern) look pretty non-intrusive.

After looking closer at the 3.0.4..v3.0.12 changes, I'd prefer to stick with a zgrep specific backport for this ticket and explore version update viability elsewhere. I don't have enough confidence in our test coverage to proceed with a full v3.0.12 upgrade as-is.

@Christian: would you be okay with the attached zgrep profile specific backport, so that it matches upstream 3.0.12?
Comment 7 Christian Boltz 2023-09-07 20:34:00 UTC 
(In reply to David Disseldorp from comment #4)
> Created attachment 869300 [details]
> zgrep profile update
> 
> (In reply to David Disseldorp from comment #3)
> After looking closer at the 3.0.4..v3.0.12 changes, I'd prefer to stick with
> a zgrep specific backport for this ticket and explore version update
> viability elsewhere. 

Define "elsewhere", please ;-)

> I don't have enough confidence in our test coverage to
> proceed with a full v3.0.12 upgrade as-is.

I understand that since the diff is quite big, even if I had hoped to get all fixes in at once ;-)

> @Christian: would you be okay with the attached zgrep profile specific
> backport, so that it matches upstream 3.0.12?

I didn't see an obvious error (and I have to admit that I also trust "matches upstream 3.0.12"), so - fine with me.
Comment 8 Maintenance Automation 2023-09-21 08:30:13 UTC 
SUSE-RU-2023:3717-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1214458
Sources used:
openSUSE Leap 15.5 (src): libapparmor-3.0.4-150500.11.6.1, apparmor-3.0.4-150500.11.6.1
Basesystem Module 15-SP5 (src): libapparmor-3.0.4-150500.11.6.1, apparmor-3.0.4-150500.11.6.1
Development Tools Module 15-SP5 (src): apparmor-3.0.4-150500.11.6.1
Server Applications Module 15-SP5 (src): apparmor-3.0.4-150500.11.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Maintenance Automation 2023-09-28 08:30:05 UTC 
SUSE-RU-2023:3856-1: An update that has one fix can now be installed.

Category: recommended (moderate)
Bug References: 1214458
Sources used:
Server Applications Module 15-SP4 (src): apparmor-3.0.4-150400.5.9.1
openSUSE Leap 15.4 (src): libapparmor-3.0.4-150400.5.9.1, apparmor-3.0.4-150400.5.9.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): libapparmor-3.0.4-150400.5.9.1, apparmor-3.0.4-150400.5.9.1
SUSE Linux Enterprise Micro 5.3 (src): libapparmor-3.0.4-150400.5.9.1, apparmor-3.0.4-150400.5.9.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): libapparmor-3.0.4-150400.5.9.1, apparmor-3.0.4-150400.5.9.1
SUSE Linux Enterprise Micro 5.4 (src): libapparmor-3.0.4-150400.5.9.1, apparmor-3.0.4-150400.5.9.1
Basesystem Module 15-SP4 (src): libapparmor-3.0.4-150400.5.9.1, apparmor-3.0.4-150400.5.9.1
Development Tools Module 15-SP4 (src): apparmor-3.0.4-150400.5.9.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Christian Boltz 2024-02-16 20:10:10 UTC 
Given comment #8 and #9, I'm quite sure this bug is fixed ;-)