ecryptfs breaks AppArmor naming.

TEST CASE:
1. sudo apt-get install ecryptfs-utils
2. sudo adduser --encrypt-home foo
3. login as 'foo' and verify that encrypted home is correct:
$ df |grep '/home/foo/\.Private'
/home/foo/.Private     3936216   3313964    422304  89% /home/foo
4. Create the following file as /tmp/359338.sh:
#!/bin/sh
# Quote $HOME so the test still works if the home path contains spaces.
echo "Touching $HOME/test.txt"
touch "$HOME/test.txt"

5. chmod 755 /tmp/359338.sh
6. add the following to /etc/apparmor.d/tmp.359338.sh:
#include <tunables/global>

/tmp/359338.sh {
  #include <abstractions/base>

  /bin/dash rix,
  /bin/touch rix,
  /tmp/359338.sh r,

  owner @{HOME}/test.txt rw,
}

7. reload apparmor:
$ sudo /etc/init.d/apparmor force-reload

8. run /tmp/359338.sh as a non-foo user:
$ /tmp/359338.sh 
Touching /home/jamie/test.txt

9. run /tmp/359338.sh as foo:
$ /tmp/359338.sh 
Touching /home/foo/test.txt
touch: cannot touch `/home/foo/test.txt': Permission denied

dmesg should have something like:
Apr 13 16:45:53 sec-jaunty-amd64 kernel: [  523.233018] type=1503 audit(1239651953.911:114): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1001 name="/home/foo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYwjom6xTTrhkQH6NYaDlNzbi4a-Y57kI1XsKcpAS2HNDa3p8fkshGrq---" pid=5038 profile="/tmp/359338.sh"
Apr 13 16:45:53 sec-jaunty-amd64 kernel: [  523.233027] ecryptfs_do_create: Failure to create dentry in lower fs; rc = [-13]
Apr 13 16:45:53 sec-jaunty-amd64 kernel: [  523.233045] ecryptfs_create: Failed to create file in lower filesystem
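The denial line above shows the cause: AppArmor mediates the path the kernel actually opens, which is the ecryptfs lower file under /home/foo/.Private with an encrypted filename, so a rule written as `owner @{HOME}/test.txt rw,` can never match it. The following triage helper is an added example and is not part of the bug report or of the apparmor/ecryptfs-utils packages. It pulls the name=, profile=, operation= and fsuid= fields out of such an audit line and flags denials whose path lies in an ecryptfs lower directory; the sample input is the report's own denial joined onto one line, and the /home/<user>/.Private layout is an assumption taken from the report.

```shell
#!/bin/sh
# Added example: triage an AppArmor file denial and flag ecryptfs lower paths.
# Constructed sample input: the denial from the report, joined onto one line.
SAMPLE='type=1503 audit(1239651953.911:114): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1001 name="/home/foo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYwjom6xTTrhkQH6NYaDlNzbi4a-Y57kI1XsKcpAS2HNDa3p8fkshGrq---" pid=5038 profile="/tmp/359338.sh"'

# field LINE KEY: print the value of a KEY="value" pair from an audit line.
# Unquoted pairs such as fsuid=1001 are handled by the second expression.
field() {
    printf '%s\n' "$1" | sed -n \
        -e "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p" \
        -e "s/.*[[:space:]]$2=\([^[:space:]\"]*\).*/\1/p"
}

# classify_denial LINE: prints "ecryptfs-lower" when the denied path is inside
# the encrypted lower directory of a home (assumed layout /home/<user>/.Private),
# "regular" otherwise.
classify_denial() {
    case "$(field "$1" name)" in
        /home/*/.Private/ECRYPTFS_FNEK_ENCRYPTED.*) echo ecryptfs-lower ;;
        *) echo regular ;;
    esac
}

# upper_dir LINE: the mounted home directory that corresponds to the lower
# path (/home/foo for /home/foo/.Private/...). The encrypted filename itself
# cannot be mapped back to test.txt without the filename encryption key.
upper_dir() {
    printf '%s\n' "$(field "$1" name)" | sed -n 's|^\(/home/[^/]*\)/\.Private/.*|\1|p'
}

# report LINE: one-line summary for a log review.
report() {
    line=$1
    printf '%s denied %s for uid %s at %s (%s)\n' \
        "$(field "$line" profile)" "$(field "$line" operation)" \
        "$(field "$line" fsuid)" "$(field "$line" name)" \
        "$(classify_denial "$line")"
}

report "$SAMPLE"
```

A denial classified as ecryptfs-lower means the profile's @{HOME} rules were never consulted against the logical path, so tightening them will not help; the reviewer knows to look at the mount layout rather than at the rule set.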


** Changed in: linux (Ubuntu)
       Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

** Changed in: ecryptfs-utils (Ubuntu)
       Status: New => Confirmed

** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Undecided => High

** Summary changed:

- klamav db download problem with encrypted home on jaunty
+ apparmor problem with encrypted home on jaunty

apparmor paths are broken when using encrypted home on jaunty
https://bugs.launchpad.net/bugs/359338