Mailinglist Archive: opensuse-factory (765 mails)

< Previous Next >
Re: [opensuse-factory] After upgrade to Tumbleweed 20171120 dovecot fails to start
  • From: Freek de Kruijf <freek@xxxxxxxxxxxx>
  • Date: Thu, 23 Nov 2017 00:36:12 +0100
  • Message-id: <2242346.LqZGFkOXhT@eiktum>
Op donderdag 23 november 2017 00:10:02 CET schreef Christian Boltz:
Hello,

Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:
I have the following messages in the dovecot log:

nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create
directory: / home/freek/.local/share because: 13-Permission denied
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file:
/home/ freek/.local/share/kwalletd/kdewallet.salt because:
13-Permission denied nov 22 14:43:40 eiktum auth[11418]:
pam_kwallet5-kwalletd: Couldn't create or read the salt file
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth):
pam_kwallet5: Fail into creating the hash

These files have me as owner and group users.
drwxr-xr-x is for folder /home/freek/.local/share
-rw------- is for file
/home/freek/.local/share/kwalletd/kdewallet.salt

Looks like auth does get get the characteristics of my account.

I'm slightly surprised to see pam_kwallet5 in your log lines, therefore
I'm not sure if my answer really applies, but nevertheless:

Dovecot is confined by a set of AppArmor profiles by default. Can you
please check your /var/log/audit/audit.log if you see any lines with
apparmor="DENIED"

Yes, I do have a lot of lines in there with DENIED. Just a few:

type=AVC msg=audit(1511388209.179:54): apparmor="DENIED" operation="mknod"
profile="/usr/sbin/nscd" name="/var/lib/nscd/netgroup" pid=1101 comm="nscd"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1511388322.293:92): apparmor="DENIED" operation="capable"
profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=2
capname="dac_read_search"
type=AVC msg=audit(1511388322.293:93): apparmor="DENIED" operation="capable"
profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=1
capname="dac_override"
type=AVC msg=audit(1511388386.515:100): apparmor="DENIED" operation="signal"
profile="/usr/sbin/dovecot" pid=1669 comm="dovecot" requested_mask="send"
denied_mask="send" signal=rtmin+1770224144 peer="/usr/lib/dovecot/auth"

If you don't have auditd running (and therefore don't have audit.log),
you can also check the syslog or the dmesg output.


Regards,

Christian Boltz

The strange thing is that after a reboot I now can access my email via this
dovecot. So the problem might be present much earlier than today.

--
fr.gr.

Freek de Kruijf
member openSUSE

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups