This behavior still exists in Jaunty and Karmic and it is going to be handled 
in the user space at the policy level.  The user space tools are being extended 
to be able to handle this in a couple of ways.
  1. There will be a global policy file where rules like the workaround 
specified above can be added without having to update the profiles.
  2. The alias command is being extended to cover full regular expression 
rewriting which will allow the policy to contain the relationship between the 
encrypted dir and the user's actual home.  The alias required for encrypted homes 
will then be put in the global policy file described in part 1.

This solution can be applied to both Jaunty and Karmic.

-- 
apparmor paths are broken when using ecryptfs on jaunty
https://bugs.launchpad.net/bugs/359338
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in Ubuntu Release Notes: Fix Released
Status in “ecryptfs-utils” package in Ubuntu: Invalid
Status in “linux” package in Ubuntu: In Progress
Status in ecryptfs-utils in Ubuntu Karmic: Invalid
Status in linux in Ubuntu Karmic: In Progress

Bug description:
Binary package hint: ecryptfs-utils

klamav 0.46-2 with clamav 0.95.
Jaunty with encrypted home directory.

After installing klamav and first running it, it creates 
/home/user/.klamav/database, in which it downloads the signature databases. 
This directory gets created OK, but the database download fails with 'Can't 
create file' error, and the following entry in syslog:

Apr 11 01:11:39 utest-jj kernel: [  959.044919] type=1503 
audit(1239401499.961:33): operation="inode_create" requested_mask="a::" 
denied_mask="a::" fsuid=1000 
name="/home/gimre/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9aW.rw0ebxHiizvzjKdHqek--/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9FGYc1fWwp9RQW-wdr8CQZU--/ECRYPTFS_FNEK_ENCRYPTED.FYYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9Pcj74.T8NOQNJ4OdUE2-.LWX5l6N.v2lDmBFyCvWlKqrrt-xoaiQuTGvsGqXcTCI"
 pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:11:39 utest-jj kernel: [  959.044937] ecryptfs_do_create: Failure to 
create dentry in lower fs; rc = [-13]
Apr 11 01:11:39 utest-jj kernel: [  959.045149] ecryptfs_create: Failed to 
create file inlower filesystem

After stopping apparmor, the problem goes away, the database gets downloaded 
correctly.

Can be reproduced by correcting freshclam's apparmor profile, see the following 
bug:

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/359301

_______________________________________________
Mailing list: https://launchpad.net/~ecryptfs
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ecryptfs
More help   : https://help.launchpad.net/ListHelp
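
An added example, not part of the original bug report or of the AppArmor or eCryptfs tooling: a small triage script that picks out AppArmor denials whose `name=` path points into the eCryptfs lower directory rather than the user's mounted home, which is the symptom in the syslog entry above. It assumes the lower directory is `/home/<user>/.Private` as in that entry; the sample records, user name and second profile are constructed.

```python
import re

# Constructed sample records in the format of the syslog entry quoted in the
# bug (type=1503 AppArmor audit events); names and values are made up.
SAMPLE_LOG = """\
Apr 11 01:11:39 host kernel: [  959.044919] type=1503 audit(1239401499.961:33): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/alice/.Private/ECRYPTFS_FNEK_ENCRYPTED.AAAA--/ECRYPTFS_FNEK_ENCRYPTED.BBBB--" pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:12:02 host kernel: [  982.100000] type=1503 audit(1239401522.100:34): operation="file_permission" requested_mask="r::" denied_mask="r::" fsuid=1000 name="/etc/example.conf" pid=5170 profile="/usr/bin/example"
Apr 11 01:12:05 host kernel: [  985.000000] ecryptfs_create: Failed to create file in lower filesystem
"""

# key="quoted value" or key=bare_value pairs inside an audit record
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: the eCryptfs lower directory is /home/<user>/.Private
LOWER_DIR = re.compile(r'^/home/([^/]+)/\.Private/')


def parse_audit(line):
    """Return the key=value fields of a type=1503 record, or None."""
    if "type=1503" not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def ecryptfs_lower_denials(log_text):
    """List denials where the mediated path is in the eCryptfs lower dir."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_audit(line)
        if not rec or "denied_mask" not in rec:
            continue
        match = LOWER_DIR.match(rec.get("name", ""))
        if match:
            hits.append({
                "profile": rec.get("profile"),
                "operation": rec.get("operation"),
                "denied_mask": rec["denied_mask"],
                "user": match.group(1),
                # True when filename encryption hides the real file name
                "encrypted_names": "ECRYPTFS_FNEK_ENCRYPTED." in rec["name"],
            })
    return hits


if __name__ == "__main__":
    for hit in ecryptfs_lower_denials(SAMPLE_LOG):
        print(hit)
```

Profiles that show up in the result are the ones that would need the lower-directory rule or alias discussed in the comment above.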