http://bugzilla.opensuse.org/show_bug.cgi?id=1069470 http://bugzilla.opensuse.org/show_bug.cgi?id=1069470#c4 --- Comment #4 from Freek de Kruijf <freek@opensuse.org> --- (In reply to Christian Boltz from comment #3)
The nscd profile allows reading and writing the /var/lib/nscd/ files you mentioned (and does so since a long time IIRC), therefore I'm surprised why you get denials for them.
Can you please check if you have some *.rpmnew files in /etc/apparmor.d/ ?
No I do not have these files. After a reboot just now I do not see these DENIED in the log file.
For the dovecot issues, please edit /etc/apparmor.d/usr.lib.dovecot.auth and add the following two lines:
capability dac_read_search, capability dac_override,
(You can instead add them to /etc/apparmor.d/local/usr.lib.dovecot.auth if you prefer not to edit rpm-managed files.)
Done
Afterwards, run rcapparmor reload to reload all profiles.
No DENIED since the last reboot.
Note to myself: /var/spool/postfix/private/ (postfix:root 700) might be the reason for dac_read_search, and /run/dovecot/auth-worker (dovecot:root 600) is probably a reason for dac_override.
Indeed these are the protection masks on this directory, respectively socket. -- You are receiving this mail because: You are on the CC list for the bug.