Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] Apparmor and dovecot clash in Leap 42.1
On 02/20/2016 05:47 AM, Freek de Kruijf wrote:
In the dovecot log on Leap 42.1 I see messages like:
imap(freek): Error: opendir(/home/freek/Maildir) failed: Permission denied
(euid=1000(freek) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))

After some digging I found that this is a problem caused by improper apparmor
rules for dovecot. Apparently apparmor does not allow access to the Maildir
directory tree by dovecot, which is obviously needed to access e-mail in that
directory. So IMAP is not usable any more. Any idea what rule should be added?

Made a bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=967528


*sigh*
This was the problem when I installed on 12.2 as well!

See, for example
https://forums.opensuse.org/showthread.php/497085-Dovecot-2-1-17-in-opensuse-13-1

At the time I used the apparmour utilities to scan the log files and
build the necessary changes.

Try "man aa-logprof" to start with.

And its not just dovecot!

Oh, look!

ls --width=72 /etc/apparmor.d/local/
bin.ping usr.lib.dovecot.managesieve-login
README usr.lib.dovecot.pop3
sbin.klogd usr.lib.dovecot.pop3-login
sbin.syslogd usr.lib.dovecot.ssl-params
sbin.syslog-ng usr.sbin.avahi-daemon
usr.lib.apache2.mpm-prefork.apache2 usr.sbin.dnsmasq
usr.lib.dovecot.anvil usr.sbin.dovecot
usr.lib.dovecot.auth usr.sbin.identd
usr.lib.dovecot.config usr.sbin.mdnsd
usr.lib.dovecot.deliver usr.sbin.nmbd
usr.lib.dovecot.dict usr.sbin.nscd
usr.lib.dovecot.dovecot-auth usr.sbin.ntpd
usr.lib.dovecot.dovecot-lda usr.sbin.smbd
usr.lib.dovecot.imap usr.sbin.smbd-shares
usr.lib.dovecot.imap-login usr.sbin.smbd-shares.rpmsave
usr.lib.dovecot.lmtp usr.sbin.smbldap-useradd
usr.lib.dovecot.log usr.sbin.traceroute
usr.lib.dovecot.managesieve usr.sbin.winbindd

and

more /etc/apparmor.d/local/README
# This directory is intended to contain profile additions and
# overrides for inclusion by distributed profiles to aid in
# packaging AppArmor for distributions.


--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References