Mailinglist Archive: opensuse-bugs (5295 mails)

< Previous Next >
[Bug 851984] After update (zypper dup) AppArmor profiles for dovecot have to be manually removed to make dovecot work

https://bugzilla.novell.com/show_bug.cgi?id=851984

https://bugzilla.novell.com/show_bug.cgi?id=851984#c3


--- Comment #3 from Christian Boltz <suse-beta@xxxxxxxxx> 2013-11-23 23:20:29
CET ---
Created an attachment (id=568826)
--> (http://bugzilla.novell.com/attachment.cgi?id=568826)
profiles for dovecot2 (probably not complete)

(In reply to comment #2)
I did actually not reload the profiles explicitly and had to
discover that my "solution" to reinstall the profiles, would have
prevented dovecot from working on the next reboot.

OK, at least now I know that the profile really needs an update. After checking
the bzr log, that's not too surprising - the last change was two years ago, and
the profile is probably only working for dovecot 1.x.

The attached tarball contains profiles I use for dovecot 2.x. They are probably
not complete yet (that's also the reason why I didn't commit them yet), but
might be better than the shipped profiles. Can you please install them in
/etc/apparmor.d/ and switch them to complain mode (aa-complain
/etc/apparmor.d/*dove*)? Complain mode will allow everything and log what the
profiles would not allow.

Then check your log for needed profile updates, and attach the log to this
bugreport. "Log" can mean:
- /var/log/audit/audit.log if auditd is running, otherwise
- grep -i apparmor /var/log/messages if you have a syslog daemon running
- journalctl | grep -i apparmor > log if you only log to journal

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
References