https://bugzilla.novell.com/show_bug.cgi?id=757271
https://bugzilla.novell.com/show_bug.cgi?id=757271#c12
--- Comment #12 from Christian Boltz
After setting the profiles to 'enforce' mode, dovecot failed to start. I couldn't get the thing to work again. Even after a couple of rounds of setting back to 'complain' mode and running 'aa-logprof'.
I'll check the audit.log - thanks for providing it.
I'm done with AppArmor. In a system where dovecot is mainly serving a webmail through localhost, it really isn't worth the trouble for me trying to get the profiles up-to-date.
OK, this limits the number of possible attackers ;-)
Sadly there is no way to exclude the dovecot profiles and keep the others, so I have removed AppArmor now (the lack of granularity here is a showstopper for me).
There is a way: run aa-disable /usr/sbin/dovecot or if you want to disable all dovecot-related profiles cd /etc/apparmor.d && aa-disable *dove* This will create a symlink in /etc/apparmor.d/disable which prevents loading of the profile. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.