Comment # 4 on bug 1166007 from Michael Hirmke

(In reply to Christian Boltz from comment #3)
[...]
> 
> So - if you have created separate profiles for /usr/lib/dovecot/script-login
> and your actual post-login script, I'd be interested to see them.
> 

Hrmpf, too late 8-<
For security reasons I decided to move my script to /home/vmail/bin.
Owner/group for this directory are vmail.vmail, same for the script now.
vmail is the user running the imap-postlogin service in my configuration.
I then removed/resetted all the apparmor profiles, that have been newly
created/altered after running aa-logprof. My intention was to let apparmor
reread the audit.log after a while and recreate the profiles according to the
new configuration.
But no more errors occured after reloading apparmor profiles and restarting
dovecot.
So I don't have any new/altered profiles now - so sorry.

One more question, though:

I get an error message from the dovecot master process
"master: Error: serivce(lmtp): kill(<pid>, SIGINT) failed: Operation not
permitted"
This happens, when the lmtp service should be killed after idle timeout.
There seems to be no entry in the audit.log for this error.
Isn't this an error caused by apparmor, then?

TIA.
Bye.
Michael.