[Bug 447292] Re: AppArmor does not allow access when @{HOME} is not /home
Jamie Strandboge
jamie at ubuntu.com
Mon Oct 12 15:14:37 UTC 2009
** Description changed:
For profiles that reference @{HOME}, AppArmor will deny access to files
in @{HOME} if the user's home directory is not in /home.
For example, if the user's home directory is /exports/home, then profiles such as cups, evince, and firefox will disallow access to anything in /exports/home. Since apparmor uses realpath(), using a symlink from /home/foo -> /exports/home/foo does not work. This is part of the design of the system and requires that the sysadmin adjust /etc/apparmor.d/tunables/home. In the above example, the sysadmin should change:
@{HOMEDIRS}=/home/
to be:
@{HOMEDIRS}=/home/ /exports/home/
+
+ See https://wiki.ubuntu.com/DebuggingApparmor#Adjusting%20Tunables for
+ details.
--
AppArmor does not allow access when @{HOME} is not /home
https://bugs.launchpad.net/bugs/447292
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list