AppArmor does not allow access when @{HOME} is not /home
Bug #447292 reported by DaTa
This bug affects 17 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apparmor (Ubuntu) | Fix Released | High | Jamie Strandboge |
Karmic | Won't Fix | High | Unassigned |
Lucid | Fix Released | High | Jamie Strandboge |
Bug Description
For profiles that reference @{HOME}, AppArmor will deny access to files in @{HOME} if the user's home directory is not in /home.
For example, if the user's home directory is /exports/home, then profiles such as cups, evince, and firefox will disallow access to anything in /exports/home. Since apparmor uses realpath(), using a symlink from /home/foo -> /exports/home/foo does not work. This is part of the design of the system and requires that the sysadmin adjust /etc/apparmor.
@{HOMEDIRS}=/home/
to be:
@{HOMEDIRS}=/home/ /exports/home/
See https:/
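A check an administrator could run before and after adjusting `@{HOMEDIRS}`, as an added example that is not part of the bug report or of AppArmor itself: it lists accounts whose resolved home directory falls outside every `@{HOMEDIRS}` entry. The passwd lines, the symlink table, `sample_resolve` and the `min_uid=1000` cutoff for regular accounts are constructed assumptions; the tunables text is passed in as a string, so no file path is assumed.

```python
import os
import re

# '=' sets @{HOMEDIRS}; '+=' (also valid AppArmor variable syntax) appends to it.
ASSIGN = re.compile(r"^\s*@\{HOMEDIRS\}\s*(\+?=)\s*(.*)$")

def parse_homedirs(tunables_text):
    """Return the directories assigned to @{HOMEDIRS}, each with a trailing slash."""
    dirs = []
    for line in tunables_text.splitlines():
        m = ASSIGN.match(line.split("#", 1)[0])  # ignore comments
        if m:
            values = m.group(2).split()
            dirs = values if m.group(1) == "=" else dirs + values
    return [d.rstrip("/") + "/" for d in dirs]

def uncovered_homes(passwd_text, tunables_text, resolve=os.path.realpath, min_uid=1000):
    """Return (user, resolved_home) for accounts whose home is outside @{HOMEDIRS}."""
    homedirs = parse_homedirs(tunables_text)
    missing = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) < 7 or not fields[2].isdigit() or int(fields[2]) < min_uid:
            continue  # malformed line or system account
        # Compare the resolved path: a symlink placed under /home does not help.
        home = resolve(fields[5]).rstrip("/")
        if not any((home + "/").startswith(d) for d in homedirs):
            missing.append((fields[0], home))
    return missing

# Constructed sample data (assumptions, not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
foo:x:1001:1001::/home/foo:/bin/bash
bob:x:1002:1002::/exports/home/bob:/bin/bash
"""
SAMPLE_LINKS = {"/home/foo": "/exports/home/foo"}  # /home/foo is a symlink

def sample_resolve(path):
    """Stand-in for realpath() over the constructed symlink table."""
    return SAMPLE_LINKS.get(path, path)

if __name__ == "__main__":
    for tunables in ("@{HOMEDIRS}=/home/", "@{HOMEDIRS}=/home/ /exports/home/"):
        print(tunables, "->", uncovered_homes(SAMPLE_PASSWD, tunables, sample_resolve))
```

On a real system, call `uncovered_homes` with the contents of the passwd database and the tunables file and leave `resolve` at its default so symlinks are followed on disk.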
description: updated
description: updated
Changed in apparmor (Ubuntu Karmic):
importance: Medium → High
Changed in apparmor (Ubuntu Lucid):
importance: Medium → High
assignee: nobody → Jamie Strandboge (jdstrand)
milestone: none → ubuntu-10.04-beta-1
Could you run "mkdir /home/danielt/.gnome2/evince" from a command line and see if it works?