Public bug reported:

/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper uses abstractions/base which has 
the following:
  owner @{HOME}/.Private/** mrixwlk,
  owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,

This may be too strict for virt-aa-helper since it runs as root and users may 
store their VMs in encrypted HOME or encrypted ~/Private with the files owned 
by the user, not root. The following should be added to 
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
  @{HOME}/.Private/** mrixwlk,
  @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,

** Affects: libvirt (Ubuntu)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: Triaged

** Affects: libvirt (Ubuntu Lucid)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: Triaged

** Affects: libvirt (Ubuntu Maverick)
     Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
         Status: Triaged

** Changed in: libvirt (Ubuntu)
   Importance: Undecided => Medium

** Changed in: libvirt (Ubuntu)
       Status: New => Triaged

** Changed in: libvirt (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Also affects: libvirt (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: libvirt (Ubuntu Maverick)
   Importance: Medium
     Assignee: Jamie Strandboge (jdstrand)
       Status: Triaged

** Changed in: libvirt (Ubuntu Lucid)
       Status: New => Triaged

** Changed in: libvirt (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: libvirt (Ubuntu Lucid)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: libvirt (Ubuntu Lucid)
    Milestone: None => lucid-updates

-- 
apparmor denies virt-aa-helper access to ecryptfs files
https://bugs.launchpad.net/bugs/591769
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
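
The mismatch described in the report, as an added example that is not part of the original bug report or of libvirt/AppArmor: a simplified Python model of how an `owner`-qualified path rule is evaluated. The tunable values (`@{HOMEDIRS}=/home/`, `@{HOME}=@{HOMEDIRS}/*/ /root/`), the sample path and the uids are assumptions constructed for illustration, and the glob handling is a reduced approximation of AppArmor's.

```python
import re
from itertools import product

# Assumed values, mirroring the usual Ubuntu tunables/home definitions.
TUNABLES = {"HOMEDIRS": ["/home/"], "HOME": ["/home/*/", "/root/"]}

# Rules quoted in the report: abstractions/base, then the proposed additions.
BASE = ["owner @{HOME}/.Private/** mrixwlk,",
        "owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,"]
PROPOSED = BASE + ["@{HOME}/.Private/** mrixwlk,",
                   "@{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,"]

def expand(path):
    """Expand @{VAR} references into every concrete glob, collapsing '//'."""
    names = re.findall(r"@\{(\w+)\}", path)
    out = []
    for combo in product(*(TUNABLES[n] for n in names)):
        p = path
        for n, v in zip(names, combo):
            p = p.replace("@{%s}" % n, v, 1)
        out.append(re.sub(r"/+", "/", p))
    return out

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', '*' does not."""
    parts = re.split(r"(\*\*|\*)", glob)
    rx = "".join(".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p)
                 for p in parts)
    return re.compile(rx + r"\Z")

def parse_rule(line):
    """Parse '[owner] <path> <perms>,' into (owner_only, [regex...], perms)."""
    tokens = line.strip().rstrip(",").split()
    owner_only = tokens[0] == "owner"
    path, perms = tokens[-2], tokens[-1]
    return owner_only, [glob_to_regex(g) for g in expand(path)], set(perms)

def allowed(rules, path, perm, fsuid, file_uid):
    """True if any rule grants perm; 'owner' rules need fsuid == file owner."""
    for owner_only, regexes, perms in map(parse_rule, rules):
        if perm not in perms or not any(r.match(path) for r in regexes):
            continue
        if owner_only and fsuid != file_uid:
            continue  # root (fsuid 0) reading a uid-1000 file falls through here
        return True
    return False

DISK = "/home/alice/.Private/vm-disk.img"  # constructed sample path
```
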
