Mailinglist Archive: opensuse-bugs (5295 mails)

< Previous Next >
[Bug 851984] After update (zypper dup) AppArmor profiles for dovecot have to be manually removed to make dovecot work

https://bugzilla.novell.com/show_bug.cgi?id=851984

https://bugzilla.novell.com/show_bug.cgi?id=851984#c7


--- Comment #7 from Christian Boltz <suse-beta@xxxxxxxxx> 2013-11-24 20:43:45
CET ---
(In reply to comment #6)
I appreciate your help and slowly, I start to understand AppArmor a little
better.

:-)

The openSUSE documentation about AppArmor is quite good (doc.opensuse.org ->
Security Guide).

For getting started, you can also have a look at my slides on
http://blog.cboltz.de/archives/65-openSUSE-conference.html

Nov 24 17:42:39 odysseus kernel: type=1400 audit(1385311359.970:754):
apparmor="DENIED" operation="capable" parent=5160
profile="/usr/lib/dovecot/auth" pid=5209 comm="auth" pid=5209 comm="auth"
capability=29 capname="audit_write"

You need

--- usr.lib.dovecot.auth 2013-11-24 12:45:34.752229423 +0100
+++usr.lib.dovecot.auth 2013-11-24 20:03:03.826563592 +0100
@@ -9,6 +9,7 @@

deny capability block_suspend,

+ capability audit_write,
capability setgid,
capability setuid,

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
References