[Bug 1117844] New: Dovecot throws permissions errors about /var/run/dovecot/stats-writer when delivering mail
http://bugzilla.suse.com/show_bug.cgi?id=1117844 Bug ID: 1117844 Summary: Dovecot throws permissions errors about /var/run/dovecot/stats-writer when delivering mail Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: AppArmor Assignee: suse-beta@cboltz.de Reporter: psychonaut@nothingisreal.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Today I upgraded from Tumbleweed 20181119 to 20181126, which included an upgrade from dovecot23-2.3.3-32.4 to dovecot23-2.3.4-34.1. Now whenever I run getmail, which grabs mail from my ISP's IMAP server and hands it off to my local Dovecot IMAP server for delivery, I get the following error messages: msg 25/29 (6757 bytes) from <torontocbm-bounce@freelists.org>, delivery error (command deliver 4511 wrote to stderr: lda(psy,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied) Delivery error (command deliver 4513 wrote to stderr: lda(psy,)Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied) While Dovecot successfully delivers the mail, the error message it throws makes getmail think that delivery was not successful, and so getmail never deletes the message from the remote server. So I'm ending up with lots of duplicate copies of messages on my local machine. I'm guessing that this is another AppArmor issue like Bug 1087753 and Bug 1088161. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1117844 http://bugzilla.suse.com/show_bug.cgi?id=1117844#c1 Tristan Miller <psychonaut@nothingisreal.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|AppArmor |Other Assignee|suse-beta@cboltz.de |bnc-team-screening@forge.pr | |ovo.novell.com --- Comment #1 from Tristan Miller <psychonaut@nothingisreal.com> --- On further testing, this appears to be the same issue described for Debian at <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903161>. That is, Dovecot has made a change that no longer allows doveadm to be run by regular users; they must be in the dovecot group. I can confirm that adding myself to the dovecot group fixes the issue. So this isn't an issue with AppArmor. It might help to document the new permission requirement (for example, in a dedicated README file), as proposed in the Debian bug. I'll leave this bug report open in case anyone wants to implement that solution; if not, then this can be closed as RESOLVED/INVALID. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1117844 https://bugzilla.suse.com/show_bug.cgi?id=1117844#c3 Peter Varkoly <varkoly@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from Peter Varkoly <varkoly@suse.com> --- Was fixed in the version 2.13.3 of apparmor-profiles -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1117844 https://bugzilla.suse.com/show_bug.cgi?id=1117844#c4 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #4 from Christian Boltz <suse-beta@cboltz.de> --- (In reply to Peter Varkoly from comment #3)
Was fixed in the version 2.13.3 of apparmor-profiles
Peter, I'm sorry to disappoint you, but - as mentioned in the previous comments, this bug is unrelated to AppArmor. Therefore I'm reopening it. Instead, it's about the socket permissions (as in "chmod"), see comment 1 and comment 2 for the details. Marcus, what's the status of the upstream issue? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1117844 https://bugzilla.suse.com/show_bug.cgi?id=1117844#c5 --- Comment #5 from Marcus R�ckert <mrueckert@suse.com> --- a better fix than adding the user to the dovecot group: ``` service stats { unix_listener stats-writer { mode = 0666 } } ``` -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1117844 https://bugzilla.suse.com/show_bug.cgi?id=1117844#c6 --- Comment #6 from Tristan Miller <psychonaut@nothingisreal.com> --- (In reply to Marcus R�ckert from comment #5)
a better fix than adding the user to the dovecot group:
``` service stats { unix_listener stats-writer { mode = 0666 } } ```
Could you please be more specific? If this line is supposed to go in some configuration file, what is the name of the file and where should this text be inserted? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1117844 https://bugzilla.suse.com/show_bug.cgi?id=1117844#c7 --- Comment #7 from Marcus R�ckert <mrueckert@suse.com> --- you have a service stats block already. just add the unix_listener block there or if you have a block already, update it to look like the one above. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1117844 https://bugzilla.suse.com/show_bug.cgi?id=1117844#c8 --- Comment #8 from Tristan Miller <psychonaut@nothingisreal.com> --- (In reply to Marcus R�ckert from comment #7)
you have a service stats block already.
Where? You still haven't indicated what file you are talking about. No file in /etc/dovecot or its subfolders contains the string "stats" on my system. -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com