Mailinglist Archive: opensuse-bugs (5295 mails)

< Previous Next >
[Bug 851984] After update (zypper dup) AppArmor profiles for dovecot have to be manually removed to make dovecot work

https://bugzilla.novell.com/show_bug.cgi?id=851984

https://bugzilla.novell.com/show_bug.cgi?id=851984#c5


--- Comment #5 from Christian Boltz <suse-beta@xxxxxxxxx> 2013-11-24 12:58:32
CET ---
(In reply to comment #4)
Installed the profile files and reloaded AppArmor. After that, browsed partly
through my mail tree on the IMAP server provided by dovecot. I didn't
experience any problems.

That's because you switched the profiles to complain mode. Howewer, your log
contains some apparmor="ALLOWED" events (which would have been blocked in
enforce mode).

You'll need the following profile additions/changes:

--- usr.lib.dovecot.auth 2013-11-23 22:56:12.424309053 +0100
+++ usr.lib.dovecot.auth 2013-11-24 12:45:34.752229423 +0100
@@ -2,6 +2,7 @@
#include <tunables/global>

/usr/lib/dovecot/auth {
+ #include <abstractions/authentication>
#include <abstractions/base>
#include <abstractions/mysql>
#include <abstractions/nameservice>

--- usr.lib.dovecot.imap 2013-10-21 12:23:09.000000000 +0200
+++ usr.lib.dovecot.imap 2013-11-24 12:48:52.734597289 +0100
@@ -12,11 +12,11 @@
@{HOME}/Maildir/ rw,
@{HOME}/Maildir/** klrw,
@{HOME}/Mail/ rw,
- @{HOME}/Mail/* klrw,
+ @{HOME}/Mail/** klrw, # * -> **
@{HOME}/Mail/.imap/** klrw,
@{HOME}/mail/ rw,
- @{HOME}/mail/* klrw,
+ @{HOME}/mail/** klrw, # * -> **
@{HOME}/mail/.imap/** klrw,
/usr/lib/dovecot/imap mr,
/var/mail/* klrw,
- /var/spool/mail/* klrw,
+ /var/spool/mail/** klrw, # * -> **


If you notice more apparmor="ALLOWED" (or apparmor="DENIED") log events, please
tell me ;-)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
References