Comment 0 for bug 619521

Binary package hint: apparmor

I have pam_apparmor set up for sshd as follows.

session optional pam_apparmor.so order=user,group,default debug

It never searches group or default. It thinks it finds a hat the user whether a hat exists for the user or not.

In complain mode, the debug messages are:

Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Using username 'gray'
Aug 17 16:21:03 zeno sshd[22113]: pam_apparmor(sshd:session): Successfully changed to hat 'gray'

Note, there is not a hat 'gray' defined. If I put it in enforce mode:

Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Using username 'gray'
Aug 17 17:02:36 zeno sshd[3955]: pam_apparmor(sshd:session): Unknown error occurred changing to gray hat: No such file or directory

Maybe we're doing something wrong, but I think its broken.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libpam-apparmor 2.5-0ubuntu3
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic-pae 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic-pae i686
Architecture: i386
Date: Tue Aug 17 18:30:58 2010
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release i386 (20100427)
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: apparmor