Mailinglist Archive: opensuse-bugs (5295 mails)
| < Previous | Next > |
[Bug 851984] After update (zypper dup) AppArmor profiles for dovecot have to be manually removed to make dovecot work
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Sun, 24 Nov 2013 19:43:45 +0000
- Message-id: <20131124194346.06682CC6A5@soval.provo.novell.com>
https://bugzilla.novell.com/show_bug.cgi?id=851984
https://bugzilla.novell.com/show_bug.cgi?id=851984#c7
--- Comment #7 from Christian Boltz <suse-beta@xxxxxxxxx> 2013-11-24 20:43:45
CET ---
(In reply to comment #6)
I appreciate your help and slowly, I start to understand AppArmor a little
better.
:-)
The openSUSE documentation about AppArmor is quite good (doc.opensuse.org ->
Security Guide).
For getting started, you can also have a look at my slides on
http://blog.cboltz.de/archives/65-openSUSE-conference.html
Nov 24 17:42:39 odysseus kernel: type=1400 audit(1385311359.970:754):
apparmor="DENIED" operation="capable" parent=5160
profile="/usr/lib/dovecot/auth" pid=5209 comm="auth" pid=5209 comm="auth"
capability=29 capname="audit_write"
You need
--- usr.lib.dovecot.auth 2013-11-24 12:45:34.752229423 +0100
+++usr.lib.dovecot.auth 2013-11-24 20:03:03.826563592 +0100
@@ -9,6 +9,7 @@
deny capability block_suspend,
+ capability audit_write,
capability setgid,
capability setuid,
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |