** Description changed:
For profiles that reference @{HOME}, AppArmor will deny access to files
in @{HOME} if the user's home directory is not in /home.
For example, if the user's home directory is /exports/home, then profiles
such as cups, evince, and firefox will disallow access to anything in
/exports/home. Since apparmor uses realpath(), using a symlink from /home/foo
-> /exports/home/foo does not work. This is part of the design of the system
and requires that the sysadmin adjust /etc/apparmor.d/tunables/home. In the
above example, the sysadmin should change:
@{HOMEDIRS}=/home/
to be:
@{HOMEDIRS}=/home/ /exports/home/
+
+ See https://wiki.ubuntu.com/DebuggingApparmor#Adjusting%20Tunables for
+ details.
--
AppArmor does not allow access when @{HOME} is not /home
https://bugs.launchpad.net/bugs/447292
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
--
universe-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/universe-bugs
