Mmm... I just noticed that HOMEDIRS is not set in my case. My bad. I
have set it up now and will see how it goes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/447292
Title:
AppArmor does not
As requested by Jamie Strandboge (jdstrand) :
[hans@demloka ~] cat /etc/apparmor.d/tunables/home.d/ubuntu
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
#
Hans, what are the contents of /etc/apparmor.d/tunables/home.d/ubuntu?
--
Title:
AppArmor does not allow access when @{HOME} is not /home
To
I still suffer from the problem with 12.04 and apparmor
2.7.102-0ubuntu3.7. This is what I see in syslog:
Apr 14 11:39:57 demloka kernel: [165640.724180] type=1400
audit(1365953997.312:969): apparmor=DENIED operation=open parent=1
profile=/usr/bin/evince
I recently installed Lubuntu 12.04 and had the same problem.
This time I added my /data partition to the @{HOMEDIRS}=/home/ line...
Changed: "@{HOMEDIRS}=/home/ "
To: "@{HOMEDIRS}=/home/ /data/ "
and restarted AppArmor (sudo /etc/init.d/apparmor restart), and all was
good.
--
I have since found https://wiki.ubuntu.com/DebuggingApparmor, where it is
suggested that aa-complain be used.
I had to install apparmor-utils to get this, and have included an excerpt from
the Kernel Log (different day, different file...) in case this additional
information is useful to
I note that Evince is being denied access to a number of other files in
/data/scott and /data/scott/Desktop before attempting to create its temp file.
This puzzles me, as they have nothing to do with Evince...
Perhaps this is just a trail of the path Evince took to find where it
should store the
Hi.
scott@scott-AsusM2N68-AM-Plus:~$ uname -a
Linux scott-AsusM2N68-AM-Plus 3.0.0-14-generic-tuxonice #23~ppa1-Ubuntu SMP Sun
Dec 11 04:53:00 UTC 2011 i686 athlon i386 GNU/Linux
I am using Ubuntu 11.10, and Gnome-Shell, mostly.
I have a number of partitions, with Ubuntu / in one, with /home
With the following change, upgrades to Lucid will adjust
/etc/apparmor.d/tunables/home.d/ubuntu automatically if the
administrator has not already adjusted this file via debconf. From the
changelog:
apparmor (2.5~pre+bzr1362-0ubuntu2) lucid; urgency=low
* debian/apparmor.postinst: on upgrades,
This bug was fixed in the package apparmor - 2.3.1+bzr1312-0ubuntu1
---
apparmor (2.3.1+bzr1312-0ubuntu1) lucid; urgency=low
[ Kees Cook ]
* Update to upstream bzr revision 1312.
* debian/apparmor.postrm: fix comment typo.
* debain/rules: switch to bzr for upstream
debconf integration is now committed to
https://code.launchpad.net/~ubuntu-core-dev/apparmor/master. This will be
included in the next update.
** Changed in: apparmor (Ubuntu Lucid)
Status: Triaged => Fix Committed
--
AppArmor does not allow access when @{HOME} is not /home
Pedro, can you file another bug with HOMEDIRS set as above and the
evince profile loaded?
** Also affects: apparmor (Ubuntu Karmic)
Importance: Undecided
Status: New
** Also affects: apparmor (Ubuntu Lucid)
Importance: Low
Status: Won't Fix
** Changed in: apparmor (Ubuntu
** Changed in: apparmor (Ubuntu Karmic)
Importance: Medium => High
** Changed in: apparmor (Ubuntu Lucid)
Importance: Medium => High
** Changed in: apparmor (Ubuntu Lucid)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: apparmor (Ubuntu Lucid)
Milestone: None =>
Well, the @{HOMEDIRS} trick didn't work for me. My home directory is in
a NFS share /net/aires/homes so I changed tunables/home to read
@{HOMEDIRS}=/home/ /net/aires/homes/
and followed the change with
sudo /etc/init.d/apparmor restart
... and still the evince PDF reader was getting denied
For those users hitting this issue, I'd like to stress that the security
benefits of using an AppArmor profile for evince are very high,
especially when considering the problems seen with the PDF and image
libraries. poppler, the PDF library used by evince, has had no fewer
than 19 different
Improving the user experience with regard to AppArmor tunables will be a
discussion at the next Ubuntu Developer Summit.
--
AppArmor does not allow access when @{HOME} is not /home
** Description changed:
- Binary package hint: evince
+ For profiles that reference @{HOME}, AppArmor will deny access to files
+ in @{HOME} if the user's home directory is not in /home.
- I've installed karmic yesterday, and upgraded
- [0] lsb_release -rd
- Description:Ubuntu karmic
** Description changed:
For profiles that reference @{HOME}, AppArmor will deny access to files
in @{HOME} if the user's home directory is not in /home.
For example, if the user's home directory is /exports/home, then profiles
such as cups, evince, and firefox will disallow access to
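A check for the mismatch described in this bug, as an added example that is not part of the bug report or of AppArmor itself: it reads the @{HOMEDIRS} assignments from tunables text and lists regular users whose home directory falls outside them. The sample tunables and passwd text are constructed, and the script assumes that @{HOME} covers directories one level below each @{HOMEDIRS} entry and that regular users have UIDs from 1000 to 59999.

```python
import re

# Constructed sample inputs; on a real system read the files under
# /etc/apparmor.d/tunables/ and /etc/passwd instead.
SAMPLE_TUNABLE = """\
# The following is a space-separated list of where additional user home
# directories are stored
@{HOMEDIRS}=/home/
@{HOMEDIRS}+=/data/
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/data/bob:/bin/bash
carol:x:1002:1002:Carol:/exports/home/carol:/bin/bash
"""

def parse_homedirs(tunable_text):
    """Collect every directory assigned to @{HOMEDIRS} with '=' or '+='."""
    dirs = []
    for line in tunable_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"@\{HOMEDIRS\}\s*\+?=\s*(.*)$", line)
        if m:
            # Normalise each entry to end in '/' so comparisons are exact.
            dirs += [d if d.endswith("/") else d + "/" for d in m.group(1).split()]
    return dirs

def uncovered_homes(passwd_text, homedirs, min_uid=1000, max_uid=59999):
    """Return {user: home} for regular users whose home is not a direct
    child of a @{HOMEDIRS} entry (assumption: @{HOME} is one level below)."""
    missing = {}
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue                                   # malformed line
        if not min_uid <= int(fields[2]) <= max_uid:
            continue                                   # system account
        user, home = fields[0], fields[5].rstrip("/")
        parent = home.rsplit("/", 1)[0] + "/"
        if parent not in homedirs:
            missing[user] = home
    return missing

if __name__ == "__main__":
    dirs = parse_homedirs(SAMPLE_TUNABLE)
    for user, home in uncovered_homes(SAMPLE_PASSWD, dirs).items():
        print(f"{user}: {home} is outside @{{HOMEDIRS}} ({' '.join(dirs)})")
```

A user reported here would be expected to see DENIED entries from profiles that reference @{HOME} until the parent directory is added to @{HOMEDIRS} and the profiles are reloaded.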