Akonadi's Apparmor profile does not work with Encrypted Private Directory overlays

Bug #305669 reported by John Dong
This bug affects 3 people
Affects: akonadi (Ubuntu)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned
Milestone: none
Declined for Jaunty by Harald Sitter

Bug Description

I am using EncryptedPrivateDirectory on my system so .local is a symlink into Private/.local which is an ecryptfs mount. As a result, akonadi dies at startup. To get it working locally, I had to add the rules:

  @{HOME}/.Private/.local/share/akonadi/** rkw,
  @{HOME}/Private/.local/share/akonadi/** rkw,

ecryptFS is a two-layer overlay so both the rules for the overlay and underlay are required.

I think it's a good idea to support this fairly standard EcryptFS setup in the default AA profile.

Tags: apparmor
Changed in akonadi:
importance: Undecided → Medium
milestone: none → jaunty-alpha-2
status: New → Triaged
Alvin (alvind) wrote :

This is described as a common problem:
http://userbase.kde.org/Akonadi#Common_Problems

ilia (ilia) wrote :

I doubt the change proposed by John will work since ecryptfs encrypts file names too, so for my system I need either
  @{HOME}/.Private/** rwk,
or the encrypted path, manually set per each user :( like the following
  @{HOME}/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZNv58uMVCY0ER-NWgY7HvO.usFvEvRTYBUko1cAvbwnRrOeZS1sWs02---/ECRYPTFS_FNEK_ENCRYPTED.FWZNv58uMVCY0ER-NWgY7HvO.usFvEvRTYBU.s4vCLVHHxArf7P1VoQSG---/ECRYPTFS_FNEK_ENCRYPTED.FWZNv58uMVCY0ER-NWgY7HvO.usFvEvRTYBUaHK9TmE8gP6V6buosKP4CU--/** rwk,

None of these solutions looks satisfactory. Any ideas from apparmor people?

Changed in akonadi (Ubuntu):
milestone: jaunty-alpha-2 → none
Harald Sitter (apachelogger) wrote :

Setting status to confirmed, we don't have a sensible solution to this at hand,
@{HOME}/.Private/** rwk
is not that much of a solution either, since it makes apparmor mostly useless in this particular case, though I am not sure that this is incredibly awful either. All in all, needing input on how to address this issue. We probably can ship what John Dong suggested meanwhile?

Changed in akonadi (Ubuntu):
status: Triaged → Confirmed
tags: added: apparmor
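
An added example, not part of the original report or of the Akonadi profile: a simplified matcher for AppArmor path globs, run over constructed paths, showing which of the rules proposed in this thread cover the eCryptfs lower directory with and without filename encryption. The home directory, the file name and the AAAA to FFFF suffixes are placeholders, and the matcher handles only `@{HOME}`, `**`, `*` and `?`.

```python
import re

HOME = "/home/alice"              # constructed; stands in for one expansion of @{HOME}
ENC = "ECRYPTFS_FNEK_ENCRYPTED."  # prefix seen in the thread; suffixes below are placeholders

def aa_glob_to_regex(rule_path, home=HOME):
    """Simplified subset of AppArmor path globbing: '**' crosses '/',
    '*' and '?' do not. This is not the real apparmor_parser."""
    pattern = rule_path.replace("@{HOME}", home)
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

RULES = {  # the path globs proposed in the thread (permissions omitted)
    "john_lower": "@{HOME}/.Private/.local/share/akonadi/**",
    "john_upper": "@{HOME}/Private/.local/share/akonadi/**",
    "broad_lower": "@{HOME}/.Private/**",
    "pinned_lower": f"@{{HOME}}/.Private/{ENC}AAAA/{ENC}BBBB/{ENC}CCCC/**",
}

PATHS = {  # constructed sample accesses
    "upper": f"{HOME}/Private/.local/share/akonadi/mysql.conf",
    "lower_plain_names": f"{HOME}/.Private/.local/share/akonadi/mysql.conf",
    "lower_fnek": f"{HOME}/.Private/{ENC}AAAA/{ENC}BBBB/{ENC}CCCC/{ENC}DDDD",
    "other_app_fnek": f"{HOME}/.Private/{ENC}EEEE/{ENC}FFFF",
}

def coverage(rules=RULES, paths=PATHS):
    """Map each sample path to the sorted names of the rules that match it."""
    compiled = {name: aa_glob_to_regex(p) for name, p in rules.items()}
    return {label: sorted(n for n, rx in compiled.items() if rx.match(path))
            for label, path in paths.items()}

if __name__ == "__main__":
    for label, hits in coverage().items():
        print(f"{label:18} -> {hits or 'DENIED'}")
```

Of the lower-directory rules, only `broad_lower` covers the encrypted-filename case without per-user values, and it also matches `other_app_fnek`, which is the trade-off Harald describes.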