https://bugzilla.novell.com/show_bug.cgi?id=681267

https://bugzilla.novell.com/show_bug.cgi?id=681267#c0

           Summary: AppArmor completely prevents dovecot IMAP server from
                    functioning
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Final
          Platform: x86-64
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: AppArmor
        AssignedTo: jeffm@novell.com
        ReportedBy: iceman@fastmail.com.au
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.2.15) Gecko/20110303 SUSE/3.6.15-0.2.1 Firefox/3.6.15

After installing dovecot and applying a fairly straightforward configuration to it, I found that my mail client couldn't connect properly to the dovecot server. Also, many of dovecot's imap-login processes were completely hanging and had to be killed with a kill -9, since the normal service dovecot stop was unable to stop them.

In /var/log/mail I saw these errors:

Mar 21 12:49:46 triton dovecot: dovecot: link(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat.tmp) failed: Permission denied
Mar 21 12:49:46 triton dovecot: dovecot: Generating Diffie-Hellman parameters for the first time. This may take a while..
Mar 21 12:50:12 triton dovecot: ssl-build-param: SSL parameters regeneration completed
Mar 21 12:50:12 triton dovecot: dovecot: link(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat.tmp) failed: Permission denied
Mar 21 12:50:12 triton dovecot: dovecot: file_copy(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat) failed: No such file or directory

I then enabled non-SSL login to see if the problem was specific to the SSL setup. It wasn't, however, as I then got these errors:

Mar 21 13:22:56 triton dovecot: imap-login: Login: user=<tim>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar 21 13:22:56 triton dovecot: setmntent(/etc/mtab) failed: Permission denied
Mar 21 13:22:56 triton dovecot: IMAP(tim): open(/home/tim/Mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=1000(tim) egid=100(users) UNIX perms appear ok, some security policy wrong?)
Mar 21 13:22:56 triton dovecot: IMAP(tim): file_dotlock_create(/home/tim/Mail/main) failed: Permission denied (euid=1000(tim) egid=100(users) UNIX perms appear ok, some security policy wrong?) (under root dir /home/tim/Mail -> no privileged locking)
Mar 21 13:22:56 triton dovecot: IMAP(tim): open() failed with mbox file /home/tim/Mail/main: Permission denied

My dovecot config (dovecot -n):

# 1.2.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.37.1-1.2-desktop x86_64 openSUSE 11.4 (x86_64) ext4
protocols: imaps
listen: 127.0.0.1
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_location: mbox:/home/%u/Mail:INBOX=/home/%u/Mail/main
lda:
  postmaster_address: postmaster@example.com
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

The workaround was to use the AppArmor module in YaST to set everything to 'complain', effectively disabling AppArmor.

Reproducible: Always

Steps to Reproduce:
1. Install dovecot
2. Configure dovecot with a working (tested on openSUSE 11.3) configuration file
3. Try to connect to dovecot with a mail client

Actual Results:
Client can't connect, errors in /var/log/mail (as detailed in the Summary)

Expected Results:
Client can connect
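Added example (not part of the original report and not dovecot or AppArmor code): a small triage script that pulls every "Permission denied" call and its path arguments out of dovecot's mail log, giving the list of paths to check against the dovecot AppArmor profiles. The function name denied_paths and the result layout are assumptions made for this sketch; the sample lines are copied from the report above.

```python
import re
from collections import defaultdict

# Sample input: log lines copied from the report above.
SAMPLE_LOG = """\
Mar 21 12:49:46 triton dovecot: dovecot: link(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat.tmp) failed: Permission denied
Mar 21 12:50:12 triton dovecot: dovecot: file_copy(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat) failed: No such file or directory
Mar 21 13:22:56 triton dovecot: setmntent(/etc/mtab) failed: Permission denied
Mar 21 13:22:56 triton dovecot: IMAP(tim): open(/home/tim/Mail/.imap/INBOX/dovecot.index.log) failed: Permission denied (euid=1000(tim) egid=100(users) UNIX perms appear ok, some security policy wrong?)
Mar 21 13:22:56 triton dovecot: IMAP(tim): file_dotlock_create(/home/tim/Mail/main) failed: Permission denied (euid=1000(tim) egid=100(users) UNIX perms appear ok, some security policy wrong?) (under root dir /home/tim/Mail -> no privileged locking)
"""

# call(arg[, arg]) failed: Permission denied <optional trailing diagnostics>
DENIED = re.compile(r"(\w+)\(([^)]+)\) failed: Permission denied(.*)")


def denied_paths(log_text):
    """Map each denied path to the calls that failed on it.

    policy_hint is True when dovecot itself noted that the UNIX permissions
    look fine, which points at a security policy rather than file modes.
    """
    result = defaultdict(lambda: {"ops": set(), "policy_hint": False})
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # other errors (e.g. ENOENT) are follow-on failures
        op, args, tail = m.groups()
        hint = "UNIX perms appear ok" in tail
        for path in (a.strip() for a in args.split(",")):
            result[path]["ops"].add(op)
            result[path]["policy_hint"] |= hint
    return dict(result)


if __name__ == "__main__":
    for path, info in sorted(denied_paths(SAMPLE_LOG).items()):
        flag = " [perms ok, policy suspected]" if info["policy_hint"] else ""
        print(f"{path}: {', '.join(sorted(info['ops']))}{flag}")
```

These are dovecot's own error messages; the kernel's AppArmor audit records, where available, name the confining profile and the requested access and remain the authoritative source.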