[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
+1. The diff looks good to me. -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
This bug was fixed in the package likewise-open - 5.4.0.39949-3 --- likewise-open (5.4.0.39949-3) lucid; urgency=low * add /etc/apparmor.d/tunables/home.d/likewise-open to adjust HOMEDIRS. - add debian/apparmor.homedirs - debian/rules: install apparmor.homedirs - debian/likewise-open.dirs: create etc/apparmor.d/tunables/home.d - debian/likewise-open.install: add tunables/home.d/likewise-open to likewise-open package - LP: #274350 -- Jamie Strandboge ja...@ubuntu.com Fri, 08 Jan 2010 08:56:39 -0600 ** Changed in: likewise-open (Ubuntu) Status: In Progress = Fix Released -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
likewise-open 5.4.0.39949-2 uses /home/likewise-open as its template dir. All that is left is to add /etc/apparmor.d/tunables/home.d /likewise-open. I'll provide a debdiff shortly. -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
Here is a debdiff to install a suitable /etc/apparmor.d/tunables/home.d /likewise-open. ** Attachment added: likewise-open_5.4.0.39949-3.debdiff http://launchpadlibrarian.net/37623524/likewise-open_5.4.0.39949-3.debdiff -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
Please review and I can get this uploaded for Alpha-2. -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
Note that likewise-open will need to include a file like
/etc/apparmor.d/tunables/home.d/likewise-open
that contains:
@{HOMEDIRS}+=/home/likewise-open/*/
This is being removed from the AppArmor default now that home.d/ exists,
and default installs don't need this path (which is presently causing
bug 503869)
--
apparmor HOMEDIRS not adjusted for likewise
https://bugs.launchpad.net/bugs/274350
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to likewise-open in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
** Changed in: likewise-open (Ubuntu) Status: Confirmed = Triaged ** Changed in: likewise-open (Ubuntu) Milestone: None = lucid-alpha-3 -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
Here is an untested debdiff which adjusts 'template homedir' as decided upon. I also have the packaging create /home/likewise-open. While I can't test this, I think that this may be all that is needed. In other words, upgrades from Hardy to Lucid should work just fine. Assuming the user does the required reboot after upgrade, then the next time likewise is used it will use the new template homedir. As I don't have a way to test this, I am uncomfortable uploading to Lucid at this time. Gerry, can you give feedback on this debdiff? If it looks good, I can upload to Lucid and you can incorporate my changes into your next upload. Thanks! ** Attachment added: likewise-open_4.1.2982-0ubuntu4.debdiff http://launchpadlibrarian.net/37449840/likewise-open_4.1.2982-0ubuntu4.debdiff -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
This has already been fixed in in the likewise-open ppa. Per IRC discussion: 07:59 coffeedude jdstrand, K. So you diff won't apply to the new packages. I've already fixed it there like we discussed. pitti is reviewing the debs for me and they are planned for upload for alpha 2. ** Changed in: likewise-open (Ubuntu) Status: Triaged = In Progress ** Changed in: likewise-open (Ubuntu) Milestone: lucid-alpha-3 = lucid-alpha-2 -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
** Changed in: apparmor (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) ** Changed in: likewise-open (Ubuntu) Assignee: (unassigned) = Gerald Carter (coffeedude.jerry) -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
** Summary changed: - cups-pdf cannot create ~/PDF and files in it + apparmor HOMEDIRS not adjusted for likewise -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
We talked about this at UDS Lucid and this is something I'd like to fix for
Lucid. Conceptually, this is not too hard, since all we should have to do is
adjust /etc/apparmor.d/tunables/home to have:
@{hom...@{homedirs}/*/ /root/
@{HOMEDIRS}=/home/ /home/*/
However, this gets quite complicated with rule evaluation, eg the tcpdump
profile has:
audit deny @{HOME}/bin/ rw,
audit deny @{HOME}/bin/** mrwkl,
@{HOME}/ r,
@{HOME}/** rw,
After making the above change to tunables, this evaluates to (omitting /root/):
audit deny /home/*/bin/ rw,
audit deny /home/*/*/bin/ rw,
audit deny /home/*/bin/** mrwkl,
audit deny /home/*/*/bin/** mrwkl,
/home/*/ r,
/home/*/*/ r,
/home/*/** rw,
/home/*/*/** rw,
This is at best overly complicated and at worst could change the profile
in unexpected ways. If we want to support both local and likewise
homedirs, I think something else needs to happen.
Would it be possible to change the default location of likewise? Eg, adjust
lwiauthd.conf (AIUI) to somewhere outside of /home would be ideal, but even
having:
template homedir = /home/likewise-open/%D/%U
would be an improvement. Then we could do:
@{hom...@{homedirs}/*/ /root/
@{HOMEDIRS}=/home/ /home/likewise-open/*/
which evaluates to (again, /root/ omitted):
audit deny /home/*/bin/ rw,
audit deny /home/likewise-open/*/*/bin/ rw,
audit deny /home/*/bin/** mrwkl,
audit deny /home/likewise-open/*/*/bin/** mrwkl,
/home/*/ r,
/home/likewise-open/*/*/ r,
/home/*/** rw,
/home/likewise-open/*/*/** rw,
This is much better, since only a system with a local user with home directory
of '/home/likewise-open' would have the problems described above. This seems
acceptable and easier than moving likewise outside of /home. If we do decide to
move the directory, I advise adjusting lwiauthd.conf to have:
# Changing template homedir will also require adjusting the AppArmor home
# tunable in /etc/apparmor.d/tunables/home for systems that use AppArmor.
# See https://wiki.ubuntu.com/DebuggingApparmor#Adjusting%20Tunables
# for details.
template homedir = /home/likewise-open/%D/%U
** Changed in: apparmor (Ubuntu)
Status: New = Confirmed
** Changed in: apparmor (Ubuntu)
Importance: Undecided = High
** Changed in: likewise-open (Ubuntu)
Importance: Medium = High
--
apparmor HOMEDIRS not adjusted for likewise
https://bugs.launchpad.net/bugs/274350
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to likewise-open in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
Discussed on #ubuntu-server with ttx, jdstrand, and myself. Agreed to set the template homedir to /home/likewise-open/%D/%U moving forward in Lucid. However, we'll not try to move any home directories on upgrade. Rather, we'll leave things as they are. -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 274350] Re: apparmor HOMEDIRS not adjusted for likewise
This bug was fixed in the package apparmor - 2.3.1+1403-0ubuntu30 --- apparmor (2.3.1+1403-0ubuntu30) lucid; urgency=low [ Jamie Strandboge ] * convert to using quilt - debian/control: Build-Depends on quilt - add debian/README.source - debian/rules: include /usr/share/quilt/quilt.make and adjust targets for patching * debian/patches/0001-likewise-home-tunables.patch: tunables/home: add /home/likewise-open/*/ to HOMEDIRS (LP: #274350) * Merge to upstream bzr rev 1308. - really add chromium-browser (LP: #488559) - add official google-chrome (LP: #481661) [ Kees Cook ] * parser/parser_main.c: use nanosec ctime resolution when checking cache file times. * parser/tst/caching.sh: add tests for cache use based on timestamps. -- Jamie Strandboge ja...@ubuntu.com Fri, 04 Dec 2009 11:11:01 -0600 ** Changed in: apparmor (Ubuntu) Status: Confirmed = Fix Released -- apparmor HOMEDIRS not adjusted for likewise https://bugs.launchpad.net/bugs/274350 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to likewise-open in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
