Hello,

I use Ubuntu 10.10 with encrypted home. I'm new to apparmor.
The #13 workaround is part of /etc/apparmor.d/abstractions/base.

My firefox-3.6.13 is now in enforce mode - with standard profile.
With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,

but I can save files (with the standard download manager of firefox) e.g. in
$HOME itself, and I can't find any other rule which could allow that. I
think that the #13 workaround just affects the eCryptFS "part of
things" and limitations of normal filenames/paths (in mounted ecryptfs)
are still possible.

----------------------------------------------------------------------------------------
So ... why can firefox write elsewhere than to ${HOME}/Downloads ?
----------------------------------------------------------------------------------------

BTW: I also get this in kern.log (but not when saving a file as written
above):

Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400
audit(1298782170.190:48): apparmor="DENIED" operation="open" parent=1782
profile="/usr/lib/firefox-3.6.13/firefox-*bin"
name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--"
pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w"
fsuid=1000 ouid=0

?? Why does firefox try to write to it and why does it fail even with the #13
workaround?

Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400
audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782
profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock"
pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r"
fsuid=1000 ouid=0

?? Why does firefox try to access the X lock?


Thanks for help

--kapetr
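
An added example, not part of the original message or of AppArmor itself: a small Python parser for denial lines like the two quoted above. It flags whether the denied path is an eCryptfs lower-directory path rather than a path under the mounted home, and whether fsuid equals ouid (an `owner` rule only matches when they are equal). The sample lines are constructed from the quoted log with the encrypted names shortened to placeholders, and the `/home/.ecryptfs/<user>/.Private/` pattern is an assumption taken from the path in that log.

```python
import re

# Constructed sample: the two denials from the message, re-joined onto single
# lines, with the encrypted file names shortened to AAAA/BBBB placeholders.
SAMPLE_LOG = """\
Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:48): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.AAAA/ECRYPTFS_FNEK_ENCRYPTED.BBBB" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# key=value or key="quoted value" pairs as they appear in the audit record.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: lower (encrypted) files live under this layout, as in the log above.
ECRYPTFS_LOWER_RE = re.compile(r'^/home/\.ecryptfs/[^/]+/\.Private/')


def parse_denials(text):
    """Return one dict per apparmor="DENIED" record found in text."""
    denials = []
    for line in text.splitlines():
        fields = {k: (q if q else bare) for k, q, bare in FIELD_RE.findall(line)}
        if fields.get("apparmor") != "DENIED":
            continue
        name = fields.get("name", "")
        denials.append({
            "profile": fields.get("profile"),
            "operation": fields.get("operation"),
            "name": name,
            "denied_mask": fields.get("denied_mask"),
            # True when the kernel reported the encrypted lower path, which a
            # rule written against @{HOME}/... can never match.
            "ecryptfs_lower": bool(ECRYPTFS_LOWER_RE.match(name)),
            # 'owner' rules apply only when the task's fsuid owns the file.
            "owner_match": fields.get("fsuid") == fields.get("ouid"),
        })
    return denials


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        kind = "eCryptfs lower path" if d["ecryptfs_lower"] else "regular path"
        print(f'{d["denied_mask"]:>2} {kind:<20} owner_match={d["owner_match"]} {d["name"]}')
```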

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/359338

Title:
  apparmor paths are broken when using ecryptfs

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
