http://bugzilla.opensuse.org/show_bug.cgi?id=1069470 http://bugzilla.opensuse.org/show_bug.cgi?id=1069470#c9 --- Comment #9 from Christian Boltz <suse-beta@cboltz.de> --- (In reply to Freek de Kruijf from comment #8)
type=AVC msg=audit(1511788972.455:92): apparmor="DENIED" operation="signal" profile="/usr/sbin/dovecot" pid=1750 comm="dovecot" requested_mask="send" denied_mask="send" signal=rtmin+772495128 peer="/usr/lib/dovecot/ssl-params"
rtmin+772495128 looks strange and wrong - AFAIK the kernel supports rtmin+32..rtmin+64. Which kernel version do you use? As I already mentioned in a previous comment, 4.14.0 and 4.14.1 have a known bug, so please use 4.14.2 (from Kernel:HEAD until it reaches Tumbleweed). I wouldn't be surprised if you have the broken kernel, and this is a side effect of that bug. (Nevertheless, the dovecot profile might need some signal rules added - but for sure not for rtmin+772495128 ;-)
type=AVC msg=audit(1511799100.748:51): apparmor="DENIED" operation="capable" profile="/usr/sbin/dovecot" pid=1713 comm="dovecot" capability=2 capname="dac_read_search"
That means the dovecot profile (/etc/apparmor.d/local/usr.sbin.dovecot) needs (probably because /var/spool/postfix/private/ is postfix:root 700) capability dac_read_search, -- You are receiving this mail because: You are on the CC list for the bug.