ProtectHome=true does not make /home/abc inaccessible to auditd
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
audit (Ubuntu) | New | Undecided | Unassigned |
Bug Description
In Ubuntu 22.04, I installed auditd and noticed that /lib/systemd/
I understand that ProtectHome=true means the /home directory appears inaccessible to service processes.
This is my file /etc/audit/
-D
-a always,exit -F path=/home/abc
-a always,exit -F auid=1000
-b 8192
--backlog_wait_time 0
-f 1
Executing sudo systemctl restart auditd && sudo auditctl -l shows:
-a always,exit -S all -F path=/home/abc
-a always,exit -S all -F auid=1000
However, if /etc/audit/
-D
-a always,exit -F path=/home/
-a always,exit -F auid=1000
-b 8192
--backlog_wait_time 0
-f 1
Running sudo systemctl restart auditd && sudo auditctl -l shows: No rules.
I don't understand why /home/ubuntu/abc is considered inaccessible, whereas /home/abc is considered accessible.
After I changed ProtectHome=true to ProtectHome=
lsb_release -ra
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
ii auditd 1:3.0.7-1build1 amd64 User space tools for security auditing
ii systemd 249.11-0ubuntu3.9 amd64 system and service manager
ls -lR /home
/home:
total 4
-rw-r--r-- 1 root root 0 Aug 9 11:16 abc
drwxr-x--- 4 ubuntu ubuntu 4096 Aug 9 11:17 ubuntu
/home/ubuntu:
total 0
-rw-rw-r-- 1 ubuntu ubuntu 0 Aug 9 10:59 abc
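
A check for the combination this report describes, as an added example that is not part of the original report or of the audit or systemd projects: it lists audit rules whose path lies under a directory that `ProtectHome=` hides from the service. The unit and rules text are constructed samples and the function names are hypothetical; the check only lists candidate rules and does not predict whether the kernel accepts them.

```python
import re
import shlex

# Directories that systemd documents as covered by ProtectHome=.
PROTECTED = ("/home", "/root", "/run/user")
# Values that hide the directories' real contents from the service
# (read-only leaves them visible, so it is not listed).
HIDING = {"1", "yes", "true", "on", "tmpfs"}

# Constructed sample input, modelled on the rules quoted in the report.
SAMPLE_UNIT = "[Service]\nProtectHome=true\n"
SAMPLE_RULES = """\
-D
-a always,exit -F path=/home/abc
-a always,exit -F path=/home/ubuntu/abc
-a always,exit -F auid=1000
-w /etc/passwd -p wa
"""

def protect_home(unit_text):
    """Return the effective ProtectHome= value (last assignment wins)."""
    value = ""
    for line in unit_text.splitlines():
        m = re.match(r"\s*ProtectHome\s*=\s*(.*?)\s*$", line)
        if m:
            value = m.group(1).lower()
    return value

def watched_paths(rules_text):
    """Yield (line_no, path) for -w watches and -F path=/dir= fields."""
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        for tok, nxt in zip(tokens, tokens[1:]):
            if tok == "-w":
                yield no, nxt
            elif tok == "-F" and nxt.startswith(("path=", "dir=")):
                yield no, nxt.split("=", 1)[1]

def hidden_rules(unit_text, rules_text):
    """Rules that point into a directory the unit cannot see."""
    if protect_home(unit_text) not in HIDING:
        return []
    return [(no, p) for no, p in watched_paths(rules_text)
            if any(p == d or p.startswith(d + "/") for d in PROTECTED)]

if __name__ == "__main__":
    for no, path in hidden_rules(SAMPLE_UNIT, SAMPLE_RULES):
        print(f"rules line {no}: {path} is under a ProtectHome-hidden directory")
```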