Re: [opensuse] Apparmor and dovecot clash in Leap 42.1
On 02/20/2016 05:47 AM, Freek de Kruijf wrote:
In the dovecot log on Leap 42.1 I see messages like:
imap(freek): Error: opendir(/home/freek/Maildir) failed: Permission denied
(euid=1000(freek) egid=100(users) UNIX perms appear ok (ACL/MAC wrong?))

After some digging I found that this is a problem caused by improper apparmor
rules for dovecot. Apparently apparmor does not allow access to the Maildir
directory tree by dovecot, which is obviously needed to access e-mail in that
directory. So IMAP is not usable any more. Any idea what rule should be added?

Made a bug report:

This was the problem when I installed on 12.2 as well!

See, for example

At the time I used the AppArmor utilities to scan the log files and
build the necessary changes.

Try "man aa-logprof" to start with.

And it's not just dovecot!

Oh, look!

ls --width=72 /etc/apparmor.d/local/
README                               usr.lib.dovecot.pop3
sbin.klogd                           usr.lib.dovecot.pop3-login
sbin.syslogd                         usr.lib.dovecot.ssl-params
sbin.syslog-ng                       usr.sbin.avahi-daemon
usr.lib.apache2.mpm-prefork.apache2  usr.sbin.dnsmasq
usr.lib.dovecot.anvil                usr.sbin.dovecot
usr.lib.dovecot.auth                 usr.sbin.identd
usr.lib.dovecot.config               usr.sbin.mdnsd
usr.lib.dovecot.deliver              usr.sbin.nmbd
usr.lib.dovecot.dict                 usr.sbin.nscd
usr.lib.dovecot.dovecot-auth         usr.sbin.ntpd
usr.lib.dovecot.dovecot-lda          usr.sbin.smbd
usr.lib.dovecot.imap                 usr.sbin.smbd-shares
usr.lib.dovecot.imap-login           usr.sbin.smbd-shares.rpmsave
usr.lib.dovecot.lmtp                 usr.sbin.smbldap-useradd
usr.lib.dovecot.log                  usr.sbin.traceroute
usr.lib.dovecot.managesieve          usr.sbin.winbindd
usr.lib.dovecot.managesieve-login


more /etc/apparmor.d/local/README
# This directory is intended to contain profile additions and
# overrides for inclusion by distributed profiles to aid in
# packaging AppArmor for distributions.
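
The kind of log scan mentioned above, as an added example that is not part of the original mail and is not the aa-logprof implementation: it groups AppArmor DENIED audit events by profile and prints candidate rules for the matching file under /etc/apparmor.d/local/. The audit lines are constructed samples, and the mapping from profile name to local file name assumes the profile is named after the binary path, as in the listing above.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not taken from the thread), in the
# key="value" format the kernel writes for AppArmor events.
SAMPLE_LOG = """\
type=AVC msg=audit(1455968820.101:401): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/imap" name="/home/freek/Maildir/" pid=2211 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1455968820.105:402): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/imap" name="/home/freek/Maildir/cur/" pid=2211 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1455968821.300:403): apparmor="DENIED" operation="mknod" profile="/usr/lib/dovecot/imap" name="/home/freek/Maildir/dovecot.index.log" pid=2211 comm="imap" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1455968822.000:404): apparmor="ALLOWED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')

def denied_by_profile(log_text):
    """Return {profile: {path: set of denied mask chars}} for DENIED file events."""
    result = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("apparmor") != "DENIED" or "name" not in fields:
            continue  # skip ALLOWED (complain mode) and non-file events
        result[fields["profile"]][fields["name"]].update(fields.get("denied_mask", ""))
    return result

def local_file_for(profile):
    """Assumed naming: /usr/lib/dovecot/imap -> local/usr.lib.dovecot.imap."""
    return "/etc/apparmor.d/local/" + profile.strip("/").replace("/", ".")

def candidate_rules(paths):
    """Build rule lines for human review; log masks c/d (create/delete) need 'w'."""
    rules = []
    for path, mask in sorted(paths.items()):
        perms = set(mask) & set("rwakl")
        if mask & set("cd"):
            perms.add("w")
        if "w" in perms:
            perms.discard("a")  # 'w' and 'a' cannot be combined in one rule
        rules.append(f"{path} {''.join(p for p in 'rwakl' if p in perms)},")
    return rules

if __name__ == "__main__":
    for profile, paths in denied_by_profile(SAMPLE_LOG).items():
        print("#", local_file_for(profile))
        print("\n".join(candidate_rules(paths)))
```

The printed rules are exact paths for one user; before adding them to a local file they would normally be reviewed and generalised by hand, which is the interactive step aa-logprof provides.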

