** Description changed: + SRU Justification + + 1. impact of the bug is medium for stable releases and very much limits + the utility of pam_apparmor, but the fix is non-intrusive. It is + included here as part of the 2.5.1 update for Lucid (LP: #660077) + + 2. This has been fixed in natty. + + 3. Patch simply adjusts changehat/pam_apparmor/pam_apparmor.c to try the + next hat on ENOENT rather than failing. + + 4. TEST CASE: run the AppArmorPAM tests in lp:qa-regression- + testing/scripts/test-apparmor.py. Several tests fail with the version in + Lucid and all are fixed in the 2.5.1 upload. + + 5. The regression potential is very low for this patch as it only adds a + single ENOENT check, libpam-apparmor is in universe and it is not widely + used yet. Getting this fixed would be an important step in getting pam- + apparmor more widely used since LTS users are more likely to require the + extra security features provided by libpam-apparmor. + Binary package hint: apparmor I have pam_apparmor set up for sshd as follows. session optional pam_apparmor.so order=user,group,default debug It never searches group or default. It thinks it finds a hat the user whether a hat exists for the user or not. In complain mode, the debug messages are: Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Using username 'gray' Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Successfully changed to hat 'gray' Note, there is not a hat 'gray' defined. If I put it in enforce mode: Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Using username 'gray' Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Unknown error occurred changing to gray hat: No such file or directory Maybe we're doing something wrong, but I think its broken. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: libpam-apparmor 2.5-0ubuntu3 ProcVersionSignature: Ubuntu 2.6.32-21.32-generic-pae 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-generic-pae i686 Architecture: i386 Date: Tue Aug 17 18:30:58 2010 InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release i386 (20100427) ProcEnviron: - LANG=en_US.UTF-8 - SHELL=/bin/bash + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: apparmor
-- pam_apparmor fails to hunt through the hats https://bugs.launchpad.net/bugs/619521 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
