Executing zgrep gives a "permission denied" error when running with apparmor enabled. Logs show that apparmor denies execution of /usr/bin/pigz or /usr/bin/gzip-reference (depending on USE choice in app-alternatives/gzip) because the allowed /usr/bin/gzip is just a symlink to the alternatives. Reproducible: Always Steps to Reproduce: 1. Have an apparmor-enabled system 2. Try to use zgrep (e.g. zgrep HZ /proc/config.gz) Actual Results: zgrep fails with "permission denied" Expected Results: zgrep returns the results
Workaround: # cat /etc/apparmor.d/local/zgrep # Site-specific additions and overrides for 'zgrep' /bin/gzip-reference Cx -> helper, /bin/grep Cx -> helper Depending on /usr merge or app-alternatives/gzip choice, adjust the paths as needed and reload the profile afterwards.