I have looked at this for Jaunty and have a patch that fixes this for all but 1 
case in the kernel.  That one case, however, requires a larger change and needs 
further investigation.  That one case still requires 
  owner @{HOME}/.Private/** rw,
to be added to profiles.

Testing in Karmic has shown that the security_path_XXX hooks work as
expected and that rmdir, unlink, mknod, mkdir, link, symlink all work.
There is a single known regression case (dentry_open) where the name
loop back occurs, resulting in both the encrypted and unencrypted paths
being reported.

-- 
apparmor paths are broken when using ecryptfs on jaunty
https://bugs.launchpad.net/bugs/359338
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in Ubuntu Release Notes: Fix Released
Status in “ecryptfs-utils” package in Ubuntu: Invalid
Status in “linux” package in Ubuntu: Confirmed
Status in ecryptfs-utils in Ubuntu Karmic: Invalid
Status in linux in Ubuntu Karmic: Confirmed

Bug description:
Binary package hint: ecryptfs-utils

klamav 0.46-2 with clamav 0.95.
Jaunty with encrypted home directory.

After installing klamav and first running it, it creates 
/home/user/.klamav/database, in which it downloads the signature databases. 
This directory gets created OK, but the database download fails with 'Can't 
create file' error, and the following entry in syslog:

Apr 11 01:11:39 utest-jj kernel: [  959.044919] type=1503 
audit(1239401499.961:33): operation="inode_create" requested_mask="a::" 
denied_mask="a::" fsuid=1000 
name="/home/gimre/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9aW.rw0ebxHiizvzjKdHqek--/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9FGYc1fWwp9RQW-wdr8CQZU--/ECRYPTFS_FNEK_ENCRYPTED.FYYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9Pcj74.T8NOQNJ4OdUE2-.LWX5l6N.v2lDmBFyCvWlKqrrt-xoaiQuTGvsGqXcTCI"
 pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:11:39 utest-jj kernel: [  959.044937] ecryptfs_do_create: Failure to 
create dentry in lower fs; rc = [-13]
Apr 11 01:11:39 utest-jj kernel: [  959.045149] ecryptfs_create: Failed to 
create file inlower filesystem

After stopping apparmor, the problem goes away, the database gets downloaded 
correctly.

Can be reproduced by correcting freshclam's apparmor profile, see the following 
bug:

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/359301
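
A triage sketch for the denial shown in the bug description, added here as an example and not part of the original report or of AppArmor/eCryptfs: it parses type=1503 records and lists the profiles whose denials name the eCryptfs lower path under .Private rather than the path the program opened. The sample log is constructed (host name, shortened encrypted names, second record), and matching homes under /home is an assumption.

```python
import re

# Constructed sample input, modelled on the syslog entry in the report
# (encrypted filename components shortened, second record invented).
SAMPLE_LOG = """\
Apr 11 01:11:39 host kernel: [  959.044919] type=1503 audit(1239401499.961:33): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/user/.Private/ECRYPTFS_FNEK_ENCRYPTED.AAAA--/ECRYPTFS_FNEK_ENCRYPTED.BBBB--" pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:12:02 host kernel: [  982.100000] type=1503 audit(1239401522.100:34): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=1000 name="/home/user/.klamav/database/main.cvd" pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:12:05 host kernel: [  985.000000] ecryptfs_do_create: Failure to create dentry in lower fs; rc = [-13]
"""

# key="quoted value" or key=bare_value pairs inside an audit record
KV = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')
# Assumption: home directories live under /home (hypothetical pattern)
LOWER = re.compile(r'^/home/[^/]+/\.Private/')
# Workaround rule quoted in the comment above
WORKAROUND = "owner @{HOME}/.Private/** rw,"


def parse_denial(line):
    """Return the key=value fields of a type=1503 AppArmor record, or None."""
    if "type=1503" not in line:
        return None
    fields = {}
    for m in KV.finditer(line):
        key = m.group(1) or m.group(3)
        fields[key] = m.group(2) if m.group(1) else m.group(4)
    return fields


def lower_path_denials(log_text):
    """Map profile -> operations denied on an eCryptfs lower (.Private) path."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if not rec or "denied_mask" not in rec or "profile" not in rec:
            continue
        if LOWER.match(rec.get("name", "")):
            hits.setdefault(rec["profile"], []).append(rec.get("operation", "?"))
    return hits


if __name__ == "__main__":
    for profile, ops in lower_path_denials(SAMPLE_LOG).items():
        print(f"{profile}: lower-path denials for {sorted(set(ops))}")
        print(f"  workaround rule from the report: {WORKAROUND}")
```

The workaround rule gives the confined program read/write access to the owner's encrypted lower files, so it is best added only to the profiles this output names.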
