Hi Thomas, thanks for the report
AppArmor resolves the symbolic link on mediation, so to allow mbsync to
access those files, you can add the following permission to
/etc/apparmor.d/local/mbsync
@{HOME}/dotfiles/isync/.mbsyncrc r,
It can be done by the following command:
sudo bash -c "echo '@{HOME}/dotfiles/isync/.mbsyncrc r,' >>
/etc/apparmor.d/local/mbsync"
then reload the profile
sudo apparmor_parser -r /etc/apparmor.d/openvpn
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2098929
Title:
new mbsync profile doesn't work when .mbsyncrc is symlinked
Status in apparmor package in Ubuntu:
New
Bug description:
Looks like there's a new mbsync profile but that profile doesn't work
if the ~/.mbsyncrc file is a symlink to another file in another
directory (in my case ~/dotfiles/mbsync/.mbsyncrc).
The error I get is:
$ mbsync -a
Cannot open config file '/home/tom/.mbsyncrc': Permission denied
Journal says:
Feb 20 08:54:10 paprika kernel: audit: type=1400 audit(1740038050.037:1045):
apparmor="DENIED" operation="open" class="file" profile="mbsync"
name="/home/tom/dotfiles/isync/.mbsyncrc" pid=32187 comm="mbsync"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
because the file is a symlink:
$ ls -al ~/.mbsyncrc
lrwxrwxrwx 1 tom tom 24 Jul 18 2024 /home/tom/.mbsyncrc ->
dotfiles/isync/.mbsyncrc
I'm using stow as a symlink manager to handle my dotfiles. I don't
think this is a very exotic setup.
ProblemType: Bug
DistroRelease: Ubuntu 25.04
Package: apparmor 4.1.0~beta5-0ubuntu2
ProcVersionSignature: Ubuntu 6.12.0-15.15-generic 6.12.11
Uname: Linux 6.12.0-15-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.31.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Feb 20 08:49:34 2025
InstallationDate: Installed on 2024-07-18 (217 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/usr/bin/zsh
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-6.12.0-15-generic
root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to plucky on 2024-12-20 (62 days ago)
modified.conffile..etc.apparmor.d.element-desktop: [modified]
mtime.conffile..etc.apparmor.d.element-desktop: 2025-02-11T18:32:02.077059
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2098929/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
