Mailinglist Archive: opensuse-bugs (5295 mails)

< Previous Next >
[Bug 851984] New: After update (zypper dup) AppArmor profiles for dovecot have to be manually removed to make dovecot work
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sat, 23 Nov 2013 12:51:47 +0000
  • Message-id: <bug-851984-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=851984

https://bugzilla.novell.com/show_bug.cgi?id=851984#c0


Summary: After update (zypper dup) AppArmor profiles for
dovecot have to be manually removed to make dovecot
work
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Minor
Priority: P5 - None
Component: AppArmor
AssignedTo: suse-beta@xxxxxxxxx
ReportedBy: lukrez.forums@xxxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101
Firefox/25.0

After having upgraded from 12.3 to 13.1 using the "System Upgrade" method
described in <http://en.opensuse.org/SDB:System_upgrade>, I noticed, that
dovecot was not available, as it failed to start successfully. The journal
gave me this:

Nov 22 15:21:29 odysseus systemd[1]: Starting Dovecot IMAP/POP3 email server...
Nov 22 15:21:29 odysseus systemd[1]: Started Dovecot IMAP/POP3 email server.
Nov 22 15:21:29 odysseus systemd[1]: dovecot.service: main process exited,
code=exited, status=84/n/a
Nov 22 15:21:29 odysseus systemd[1]: Unit dovecot.service entered failed state.
Nov 22 15:21:29 odysseus kernel: type=1400 audit(1385130089.675:34):
apparmor="DENIED" operation="exec" parent=1 profile="/usr/sbin/dovecot"
name="/usr/bin/doveconf" pid=8779 comm="dovecot" requested_mask="x"
denied_..."x" fsuid=0 ouid=0
Nov 22 15:21:29 odysseus dovecot[8779]: Fatal: execv(/usr/bin/doveconf) failed:
Permission denied

which hinted me at AppArmor denying access to "doveconf". Using the
appropriate YaST section, I removed all profiles referring to dovecot. After
that, dovecot started and worked as expected. I wondered whether reinstalling
the AppArmor profiles would break dovecot again and tried:

zypper in -f apparmor-profiles

and after that

systemctl restart dovecot.service

With the fresh profiles from the repository, dovecot still works.

Reproducible: Always

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >