Custom Query (1145 matches)
Results (55 - 57 of 1145)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#601 | fixed | apparmor homedirs should include /afs/athena/user/*/*/ | gdb | geofft |
Description |
I'm seeing this sort of thing in dmesg on debathena-workstation on Karmic: [1092648.801173] type=1503 audit(1275579304.532:1014): operation="mknod" pid=12569 parent=1 profile="/usr/bin/evince" requested_mask="w::" denied_mask="w::" fsuid=40490 ouid=40490 name="/afs/athena.mit.edu/user/g/e/geofft/.recently-used.xbel.LUR1DV" [1092650.215497] type=1503 audit(1275579305.945:1015): operation="truncate" pid=12569 parent=1 profile="/usr/bin/evince" requested_mask="w::" denied_mask="w::" fsuid=40490 ouid=40490 name="/afs/athena.mit.edu/user/g/e/geofft/.gnome2/evince/ev-metadata.xml" /etc/apparmor.d/usr.bin.evince uses @{HOME} in a couple of places, and includes, eventually, /etc/apparmor.d/tunables/home, which has the following two rules: @{HOME}=@{HOMEDIRS}/*/ /root/ @{HOMEDIRS}=/home/ I think it makes sense to add Athena AFS homedir paths to @{HOMEDIRS}. But I'm kind of hesitant to suggest changes to AppArmor? config in general... |
|||
#1505 | fixed | apparmor is overly paranoid about dconf profiles | bbaren | |
Description |
On Precise machines, attempting to open evince dumps core: $ evince ** (evince:4328): ERROR **: Error loading dconf profile 'athena_user': open '/etc/dconf/profile/athena_user': Permission denied Trace/breakpoint trap (core dumped) I’ve only tested this in Xmonad; it may not impact Unity users, but I haven’t checked. /etc/dconf/profile/athena_user is world-readable. |
|||
#602 | fixed | AppArmor needs to support Xauthority files outside of $HOME | gdb | broder |
Description |
/etc/apparmor.d/abstractions/X gives access to @{HOME}/.Xauthority However, we don't put Xauthority files in $HOME; we put them in /var/run/athena-sessions to better handle multiple simultaneous logins from different machines. We should add /var/run/xauth-* to the whitelist. |