Custom Query (1145 matches)

Reported by geofft, 14 years ago.

I'm seeing this sort of thing in dmesg on debathena-workstation on Karmic:

[1092648.801173] type=1503 audit(1275579304.532:1014): operation="mknod" pid=12569 parent=1 profile="/usr/bin/evince" requested_mask="w::" denied_mask="w::" fsuid=40490 ouid=40490 name="/afs/athena.mit.edu/user/g/e/geofft/.recently-used.xbel.LUR1DV"
[1092650.215497] type=1503 audit(1275579305.945:1015): operation="truncate" pid=12569 parent=1 profile="/usr/bin/evince" requested_mask="w::" denied_mask="w::" fsuid=40490 ouid=40490 name="/afs/athena.mit.edu/user/g/e/geofft/.gnome2/evince/ev-metadata.xml"

/etc/apparmor.d/usr.bin.evince uses @{HOME} in a couple of places, and includes, eventually, /etc/apparmor.d/tunables/home, which has the following two rules:

@{HOME}=@{HOMEDIRS}/*/ /root/
@{HOMEDIRS}=/home/

I think it makes sense to add Athena AFS homedir paths to @{HOMEDIRS}. But I'm kind of hesitant to suggest changes to AppArmor? config in general...

Reported by bbaren, 10 years ago.

On Precise machines, attempting to open evince dumps core:

$ evince

** (evince:4328): ERROR **: Error loading dconf profile 'athena_user': open '/etc/dconf/profile/athena_user': Permission denied

Trace/breakpoint trap (core dumped)

I’ve only tested this in Xmonad; it may not impact Unity users, but I haven’t checked.

/etc/dconf/profile/athena_user is world-readable.

Reported by broder, 14 years ago.

/etc/apparmor.d/abstractions/X gives access to @{HOME}/.Xauthority

However, we don't put Xauthority files in $HOME; we put them in /var/run/athena-sessions to better handle multiple simultaneous logins from different machines.

We should add /var/run/xauth-* to the whitelist.