[opensuse-factory] After upgrade to Tumbleweed 20171120 dovecot fails to start
I have the following messages in the dovecot log: nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create directory: / home/freek/.local/share because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file: /home/ freek/.local/share/kwalletd/kdewallet.salt because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5-kwalletd: Couldn't create or read the salt file nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth): pam_kwallet5: Fail into creating the hash These files have me as owner and group users. drwxr-xr-x is for folder /home/freek/.local/share -rw------- is for file /home/freek/.local/share/kwalletd/kdewallet.salt Looks like auth does get get the characteristics of my account. -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello, Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:
I have the following messages in the dovecot log:
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create directory: / home/freek/.local/share because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file: /home/ freek/.local/share/kwalletd/kdewallet.salt because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5-kwalletd: Couldn't create or read the salt file nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth): pam_kwallet5: Fail into creating the hash
These files have me as owner and group users. drwxr-xr-x is for folder /home/freek/.local/share -rw------- is for file /home/freek/.local/share/kwalletd/kdewallet.salt
Looks like auth does get get the characteristics of my account.
I'm slightly surprised to see pam_kwallet5 in your log lines, therefore I'm not sure if my answer really applies, but nevertheless: Dovecot is confined by a set of AppArmor profiles by default. Can you please check your /var/log/audit/audit.log if you see any lines with apparmor="DENIED" If you don't have auditd running (and therefore don't have audit.log), you can also check the syslog or the dmesg output. Regards, Christian Boltz -- Mmh. Nachdem alle hier anscheinend Mutt verwenden habe ich mal einen Blick draufgeworfen. Dafür braucht man entweder ein Studium (Schwerpunkt Mutt) oder viel Zeit. Mal sehen was ich zuerst habe. [Christian Wunderlich in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Op donderdag 23 november 2017 00:10:02 CET schreef Christian Boltz:
Hello,
Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:
I have the following messages in the dovecot log:
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create directory: / home/freek/.local/share because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file: /home/ freek/.local/share/kwalletd/kdewallet.salt because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5-kwalletd: Couldn't create or read the salt file nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth): pam_kwallet5: Fail into creating the hash
These files have me as owner and group users. drwxr-xr-x is for folder /home/freek/.local/share -rw------- is for file /home/freek/.local/share/kwalletd/kdewallet.salt
Looks like auth does get get the characteristics of my account.
I'm slightly surprised to see pam_kwallet5 in your log lines, therefore I'm not sure if my answer really applies, but nevertheless:
Dovecot is confined by a set of AppArmor profiles by default. Can you please check your /var/log/audit/audit.log if you see any lines with apparmor="DENIED"
Yes, I do have a lot of lines in there with DENIED. Just a few: type=AVC msg=audit(1511388209.179:54): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/var/lib/nscd/netgroup" pid=1101 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1511388322.293:92): apparmor="DENIED" operation="capable" profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=2 capname="dac_read_search" type=AVC msg=audit(1511388322.293:93): apparmor="DENIED" operation="capable" profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=1 capname="dac_override" type=AVC msg=audit(1511388386.515:100): apparmor="DENIED" operation="signal" profile="/usr/sbin/dovecot" pid=1669 comm="dovecot" requested_mask="send" denied_mask="send" signal=rtmin+1770224144 peer="/usr/lib/dovecot/auth"
If you don't have auditd running (and therefore don't have audit.log), you can also check the syslog or the dmesg output.
Regards,
Christian Boltz
The strange thing is that after a reboot I now can access my email via this dovecot. So the problem might be present much earlier than today. -- fr.gr. Freek de Kruijf member openSUSE -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Op donderdag 23 november 2017 00:36:12 CET schreef Freek de Kruijf:
Op donderdag 23 november 2017 00:10:02 CET schreef Christian Boltz:
Hello,
Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:
I have the following messages in the dovecot log:
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create directory: / home/freek/.local/share because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file: /home/ freek/.local/share/kwalletd/kdewallet.salt because: 13-Permission denied nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5-kwalletd: Couldn't create or read the salt file nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth): pam_kwallet5: Fail into creating the hash
These files have me as owner and group users. drwxr-xr-x is for folder /home/freek/.local/share -rw------- is for file /home/freek/.local/share/kwalletd/kdewallet.salt
Looks like auth does get get the characteristics of my account.
I'm slightly surprised to see pam_kwallet5 in your log lines, therefore I'm not sure if my answer really applies, but nevertheless:
Dovecot is confined by a set of AppArmor profiles by default. Can you please check your /var/log/audit/audit.log if you see any lines with
apparmor="DENIED"
Yes, I do have a lot of lines in there with DENIED. Just a few:
type=AVC msg=audit(1511388209.179:54): apparmor="DENIED" operation="mknod" profile="/usr/sbin/nscd" name="/var/lib/nscd/netgroup" pid=1101 comm="nscd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 type=AVC msg=audit(1511388322.293:92): apparmor="DENIED" operation="capable" profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=2 capname="dac_read_search" type=AVC msg=audit(1511388322.293:93): apparmor="DENIED" operation="capable" profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=1 capname="dac_override" type=AVC msg=audit(1511388386.515:100): apparmor="DENIED" operation="signal" profile="/usr/sbin/dovecot" pid=1669 comm="dovecot" requested_mask="send" denied_mask="send" signal=rtmin+1770224144 peer="/usr/lib/dovecot/auth"
If you don't have auditd running (and therefore don't have audit.log), you can also check the syslog or the dmesg output.
Regards,
Christian Boltz
The strange thing is that after a reboot I now can access my email via this dovecot. So the problem might be present much earlier than today.
BTW. I made bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=1069470 -- fr.gr. Freek de Kruijf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello, Am Donnerstag, 23. November 2017, 12:25:19 CET schrieb Freek de Kruijf:
Op donderdag 23 november 2017 00:36:12 CET schreef Freek de Kruijf:
Yes, I do have a lot of lines in there with DENIED. Just a few: [...] BTW. I made bug report:
Thanks! I answered in the bugreport to have everything at one place. Regards, Christian Boltz -- Weitere üble Beschimpfungen bitte selber einfügen, mehr fällt mir im Moment nicht ein. [Bernd Brodesser zu Henne Vogelsang in suse-talk] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Christian Boltz -
Freek de Kruijf