[SLE] Suddenly I have to disable Apparmor to start postfix.
Hello,
I can not figure out what has changed to cause this error. Suddenly today
after a power outage(2 hours) that caused a shutdown and reboot of the
system. I get in /var/log/mail...
Jul 7 18:37:46 xenau postfix[9301]: fatal: file /etc/postfix/main.cf:
parameter default_privs: unknown user name value: nobody
Jul 7 18:39:08 xenau postfix/postfix-script: fatal: the Postfix mail
system is not running
postfix starts after I disable apparmor without the message. I enable
apparmor and try to reload postfix and I get the error.
I have an other system with all the files exactly the same in
/etc/apparmor.d/ and /etc/apparmor/, that does not have the problem
I have apparmor running on it and I am able to start and stop it. The
/etc/main.cf files are almost totally the same. The only difference is in
the system name. master.cf is also identical. There is one other
difference. The other difference is one has a masguerade_domain and the
other does not.
One machine.
masquerade_domain =
The other machine.
masquerade_domain = zenez.com
On a third machine I have in dynamicmaps.cf
pgsql /usr/lib/postfix/dict_pgsql.so dict_pgsql_open
And it too fails with the message. None of the machines have a
etc.postfix.dynamicmaps.cf in /etc/apparmor.d.
All three machines have the exact same files in /etc/apparmor.d and
/etc/apparmor.
Any ideas on what I have to do to get apparmor to work again and fix it
for the third system that has pgsql in the dynamicsmaps.cf file.
Thanks,
--
Boyd Gerber
I had a similar issue (that I filed a bug on) with sendmail, and it turned out apparmor was the culprit there too. I just unistalled it. I've gotten by on unix/linux for years without such a POS, I can do without it now. Michael -- San Francisco, CA -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Sat, 8 Jul 2006 11:23 am, Michael Nelson wrote:
I had a similar issue (that I filed a bug on) with sendmail, and it turned out apparmor was the culprit there too. I just unistalled it. I've gotten by on unix/linux for years without such a POS, I can do without it now.
I had a play with apparmor and was quite impressed. If it breaks postfix and you want to extend postfix's profile, what you need to do is add "flags=(complain)" to it's profile definition file. Trouble is postfix has separate files for all its bits. However using the "complain" command makes it easy. root> complain /usr/lib/postfix/* There, now if you look in /etc/apparmor.d/ you'll see all the "usr.lib.postfix.*" files in complain mode. The messages in /var/log/messages will tell you what need to be changed to go back into "enforce" mode. There are also automatic profile generating and extending tools that garner the experience from running in complain. What tripped my postfix up was chrooting the smtpd. First I had to allow chrooting capability, then I had problems because the chrooted process wants to read and write files like /default/* It's really /var/spool/postfix/default/ but the chrooted process doesn't know that. Do I gain anything with chroot once I'm running apparmor? Should I simply tell postfix not to do it? michaelj -- Michael James michael.james@csiro.au System Administrator voice: 02 6246 5040 CSIRO Bioinformatics Facility fax: 02 6246 5166 No matter how much you pay for software, you always get less than you hoped. Unless you pay nothing, then you get more. -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
participants (3)
-
Boyd Lynn Gerber
-
Michael James
-
Michael Nelson