This is still an issue for Jaunty, but users can add the following to 
/etc/apparmor.d/abstractions/base to work around the problem:
  # encrypted ~/.Private and old-style encrypted $HOME
  owner @{HOME}/.Private/** mrixwlk,
  # new-style encrypted $HOME
  owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,

You'll need to reload apparmor before this is in effect. Note that this
is a temporary workaround until upstream handles stacked filesystems
generally.

** Summary changed:

- apparmor paths are broken when using ecryptfs on jaunty
+ apparmor paths are broken when using ecryptfs

-- 
apparmor paths are broken when using ecryptfs
https://bugs.launchpad.net/bugs/359338
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in Ubuntu Release Notes: Fix Released
Status in “apparmor” package in Ubuntu: Fix Released
Status in “ecryptfs-utils” package in Ubuntu: Invalid
Status in apparmor in Ubuntu Karmic: Fix Released
Status in ecryptfs-utils in Ubuntu Karmic: Invalid

Bug description:
Binary package hint: ecryptfs-utils

klamav 0.46-2 with clamav 0.95.
Jaunty with encrypted home directory.

After installing klamav and first running it, it creates 
/home/user/.klamav/database, in which it downloads the signature databases. 
This directory gets created OK, but the database download fails with 'Can't 
create file' error, and the following entry in syslog:

Apr 11 01:11:39 utest-jj kernel: [  959.044919] type=1503 
audit(1239401499.961:33): operation="inode_create" requested_mask="a::" 
denied_mask="a::" fsuid=1000 
name="/home/gimre/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9aW.rw0ebxHiizvzjKdHqek--/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9FGYc1fWwp9RQW-wdr8CQZU--/ECRYPTFS_FNEK_ENCRYPTED.FYYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9Pcj74.T8NOQNJ4OdUE2-.LWX5l6N.v2lDmBFyCvWlKqrrt-xoaiQuTGvsGqXcTCI"
 pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:11:39 utest-jj kernel: [  959.044937] ecryptfs_do_create: Failure to 
create dentry in lower fs; rc = [-13]
Apr 11 01:11:39 utest-jj kernel: [  959.045149] ecryptfs_create: Failed to 
create file inlower filesystem

After stopping apparmor, the problem goes away, the database gets downloaded 
correctly.

Can be reproduced by correcting freshclam's apparmor profile, see the following 
bug:

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/359301
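
A triage helper for the kind of denial shown in this report, added here as an example and not part of the bug report or of the AppArmor or eCryptfs code: it parses `type=1503` audit records and reports whether the denied path lies in an eCryptfs lower directory covered by the two workaround rules. The sample log lines are constructed, the expansion of @{HOMEDIRS} to /home/ and of @{HOME} to /home/*/ or /root/ is an assumed default, and the `owner` qualifier is not evaluated.

```python
import re

# Workaround rules from the comment above, translated to regexes.
# Assumption: @{HOMEDIRS}=/home/ and @{HOME}=/home/*/ or /root/ (default tunables).
# AppArmor '*' stops at '/', '**' crosses it; [^/]+ and .+ model that here.
LOWER_FS_RULES = {
    "owner @{HOME}/.Private/**":
        re.compile(r"^(?:/home/[^/]+|/root)/\.Private/.+"),
    "owner @{HOMEDIRS}/.ecryptfs/*/.Private/**":
        re.compile(r"^/home/\.ecryptfs/[^/]+/\.Private/.+"),
}
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor denial record, or None."""
    if "type=1503" not in line:  # record type seen in the report's syslog
        return None
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    return fields if "denied_mask" in fields else None

def classify(line):
    """Say whether a denial hit an eCryptfs lower path and which rule covers it."""
    rec = parse_denial(line)
    if rec is None:
        return None
    path = rec.get("name", "")
    rule = next((r for r, rx in LOWER_FS_RULES.items() if rx.match(path)), None)
    return {"profile": rec.get("profile"), "operation": rec.get("operation"),
            "denied_mask": rec["denied_mask"], "lower_fs": rule is not None,
            "rule": rule}

# Constructed sample records (hypothetical host, user and file names).
PREFIX = "Apr 11 01:11:39 host kernel: [  959.044919] "
AUDIT = (PREFIX + 'type=1503 audit(1239401499.961:33): operation="inode_create" '
         'requested_mask="a::" denied_mask="a::" fsuid=1000 name="{}" '
         'pid=5164 profile="/usr/bin/freshclam"')
SAMPLE_LOG = [
    AUDIT.format("/home/alice/.Private/ECRYPTFS_FNEK_ENCRYPTED.EXAMPLE-A/"
                 "ECRYPTFS_FNEK_ENCRYPTED.EXAMPLE-B"),             # old-style
    AUDIT.format("/home/.ecryptfs/alice/.Private/"
                 "ECRYPTFS_FNEK_ENCRYPTED.EXAMPLE-C"),             # new-style
    AUDIT.format("/var/tmp/other.db"),                             # unrelated denial
    PREFIX + "ecryptfs_do_create: Failure to create dentry in lower fs; rc = [-13]",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

A denial reported with `lower_fs` true comes from the confined program's write being re-checked against the encrypted lower path; anything else is an ordinary profile denial and should be reviewed on its own.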
