Comment # 9 on bug 1069470 from 
(In reply to Freek de Kruijf from comment #8)
> type=AVC msg=audit(1511788972.455:92): apparmor="DENIED" operation="signal"
> profile="/usr/sbin/dovecot" pid=1750 comm="dovecot" requested_mask="send"
> denied_mask="send" signal=rtmin+772495128 peer="/usr/lib/dovecot/ssl-params"

rtmin+772495128 looks strange and wrong - AFAIK the kernel supports
rtmin+32..rtmin+64. 

Which kernel version do you use?

As I already mentioned in a previous comment, 4.14.0 and 4.14.1 have a known
bug, so please use 4.14.2 (from Kernel:HEAD until it reaches Tumbleweed).

I wouldn't be surprised if you have the broken kernel, and this is a side
effect of that bug. (Nevertheless, the dovecot profile might need some signal
rules added - but for sure not for rtmin+772495128 ;-)

> type=AVC msg=audit(1511799100.748:51): apparmor="DENIED" operation="capable"
> profile="/usr/sbin/dovecot" pid=1713 comm="dovecot" capability=2 
> capname="dac_read_search"

That means the dovecot profile (/etc/apparmor.d/local/usr.sbin.dovecot) needs
(probably because /var/spool/postfix/private/ is postfix:root 700)
  capability dac_read_search,

You are receiving this mail because: