Mailinglist Archive: opensuse-bugs (6221 mails)

< Previous Next >
[Bug 1087753] Dovecot fails to start, complaining "Can't open log file /var/log/dovecot.log: Permission denied"
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 10 Apr 2018 16:35:55 +0000
  • Message-id: <bug-1087753-21960-t4OpAG7tzm@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1087753
http://bugzilla.opensuse.org/show_bug.cgi?id=1087753#c6

--- Comment #6 from Shad Sterling <me@xxxxxxxxxxxxxxxx> ---
Actually, that last comment is completely wrong; it seemed to be working at
first, but actually was not. After spending a few hours iterating on
`/var/log/audit/audit.log` and editing several files in
`/etc/apparmor.d/local`, it seems to be back to working.

In `usr.lib.dovecot.config`:

/var/lib/dovecot/ssl-parameters.dat r,
capability dac_read_search,

In `usr.lib.dovecot.auth`:

/run/dovecot/old-stats-user w,

In `usr.sbin.dovecot`:

/usr/lib/dovecot/stats ix,
/var/log/dovecot w,

In `usr.lib.dovecot.log`:

/var/log/dovecot w,

The `w` permission is needed for logs because apparmor denies `ac` and as far
as I can tell there's no way to allow `open`s with `c`. I couldn't find any
indication that there exists documentation with a list of open permissions, so
there may be another way to allow "create and append" other than `w`.

I used the `ix` permission for stats rather than `Px` because there is no
`apparmor.d/user.lib.dovecot.stats` to include corresponding file in
`/etc/apparmor.d/local`, and I thought it better to confine my edits to local.

So basically this recent apparmor update totally clobbers dovecot's ability to
function.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
References