[Bug 591769] [NEW] apparmor denies virt-aa-helper access to ecryptfs files
Jamie Strandboge
jamie at ubuntu.com
Wed Jun 9 16:36:12 BST 2010
Public bug reported:
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper uses abstractions/base which has the following:
owner @{HOME}/.Private/** mrixwlk,
owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
This may be too strict for virt-aa-helper since it runs as root and user's may store there VMs in encrypted HOME or encrypted ~/Private with the files owned by the user, not root. The following should be added to /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
@{HOME}/.Private/** mrixwlk,
@{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
** Affects: libvirt (Ubuntu)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Affects: libvirt (Ubuntu Lucid)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Affects: libvirt (Ubuntu Maverick)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Changed in: libvirt (Ubuntu)
Importance: Undecided => Medium
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Also affects: libvirt (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Maverick)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Changed in: libvirt (Ubuntu Lucid)
Status: New => Triaged
** Changed in: libvirt (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: libvirt (Ubuntu Lucid)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
** Changed in: libvirt (Ubuntu Lucid)
Milestone: None => lucid-updates
--
apparmor denies virt-aa-helper access to ecryptfs files
https://bugs.launchpad.net/bugs/591769
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
More information about the Ubuntu-server-bugs
mailing list