ecryptfs team mailing list archive

Re: [Bug 359338] Re: apparmor paths are broken when using ecryptfs on jaunty

 

On Fri, Jul 17, 2009 at 10:17 AM, John Johansen <john.johansen@xxxxxxxxxxxxx> wrote:
> I have looked at this for Jaunty and have a patch that fixes this for all but 1 case in the kernel. That one case however requires a larger change and needs further investigation. That one case still requires
> owner @{HOME}/.Private/** rw, be added to profiles.

John,

For Karmic, (very soon, actually), I'm planning on moving this data
from $HOME/.Private to /home/.ecryptfs/$USER/.Private.

How does that affect your work?

:-Dustin

-- 
apparmor paths are broken when using ecryptfs on jaunty
https://bugs.launchpad.net/bugs/359338
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in Ubuntu Release Notes: Fix Released
Status in “ecryptfs-utils” package in Ubuntu: Invalid
Status in “linux” package in Ubuntu: Confirmed
Status in ecryptfs-utils in Ubuntu Karmic: Invalid
Status in linux in Ubuntu Karmic: Confirmed

Bug description:
Binary package hint: ecryptfs-utils

klamav 0.46-2 with clamav 0.95.
Jaunty with encrypted home directory.

After installing klamav and first running it, it creates /home/user/.klamav/database, in which it downloads the signature databases. This directory gets created OK, but the database download fails with 'Can't create file' error, and the following entry in syslog:

Apr 11 01:11:39 utest-jj kernel: [  959.044919] type=1503 audit(1239401499.961:33): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/gimre/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9aW.rw0ebxHiizvzjKdHqek--/ECRYPTFS_FNEK_ENCRYPTED.FWYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9FGYc1fWwp9RQW-wdr8CQZU--/ECRYPTFS_FNEK_ENCRYPTED.FYYWbBX-HCv7D-ShpT0P1qAlMITxm.e31aS9Pcj74.T8NOQNJ4OdUE2-.LWX5l6N.v2lDmBFyCvWlKqrrt-xoaiQuTGvsGqXcTCI" pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:11:39 utest-jj kernel: [  959.044937] ecryptfs_do_create: Failure to create dentry in lower fs; rc = [-13]
Apr 11 01:11:39 utest-jj kernel: [  959.045149] ecryptfs_create: Failed to create file inlower filesystem

After stopping apparmor, the problem goes away, the database gets downloaded correctly.

Can be reproduced by correcting freshclam's apparmor profile, see the following bug:

https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/359301
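
An added example, not part of the original thread or of the eCryptfs/AppArmor code: a Python scan of syslog text for AppArmor denials whose `name` is an eCryptfs lower-filesystem path (a `.Private` directory containing `ECRYPTFS_FNEK_ENCRYPTED.` components), grouped by profile, so affected profiles can be found in either the `$HOME/.Private` or the `/home/.ecryptfs/$USER/.Private` layout. The log lines are constructed from the excerpt above with shortened filenames, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the syslog excerpt in the bug report
# (encrypted filenames shortened; the last line is an unrelated denial).
SAMPLE_LOG = '''\
Apr 11 01:11:39 utest-jj kernel: [  959.044919] type=1503 audit(1239401499.961:33): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/gimre/.Private/ECRYPTFS_FNEK_ENCRYPTED.AAAA--/ECRYPTFS_FNEK_ENCRYPTED.BBBB--" pid=5164 profile="/usr/bin/freshclam"
Apr 11 01:11:39 utest-jj kernel: [  959.044937] ecryptfs_do_create: Failure to create dentry in lower fs; rc = [-13]
Apr 11 01:12:02 utest-jj kernel: [  982.100000] type=1503 audit(1239401522.000:34): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=1000 name="/var/log/example.log" pid=5200 profile="/usr/bin/example"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
# Lower-filesystem path: a .Private directory holding FNEK-encrypted names.
LOWER = re.compile(r'^(?P<root>/.+?/\.Private)/(?:.*/)?ECRYPTFS_FNEK_ENCRYPTED\.')

def parse_denials(text):
    """Yield the quoted key="value" fields of audit lines that carry a denied_mask."""
    for line in text.splitlines():
        if "audit(" not in line:
            continue
        fields = dict(KV.findall(line))
        if "denied_mask" in fields and "name" in fields:
            yield fields

def lower_path_denials(text):
    """Return {profile: {lower .Private root: sorted denied masks}}."""
    hits = defaultdict(lambda: defaultdict(set))
    for f in parse_denials(text):
        m = LOWER.match(f["name"])
        if m:
            hits[f.get("profile", "?")][m.group("root")].add(f["denied_mask"])
    return {p: {r: sorted(ms) for r, ms in roots.items()} for p, roots in hits.items()}

if __name__ == "__main__":
    for profile, roots in lower_path_denials(SAMPLE_LOG).items():
        for root, masks in roots.items():
            print(f"{profile}: denied {masks} under lower dir {root}")
```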
