On Sat, 8 Jul 2006 11:23 am, Michael Nelson wrote:
I had a similar issue (that I filed a bug on) with sendmail, and it turned out apparmor was the culprit there too. I just unistalled it. I've gotten by on unix/linux for years without such a POS, I can do without it now.
I had a play with apparmor and was quite impressed. If it breaks postfix and you want to extend postfix's profile, what you need to do is add "flags=(complain)" to it's profile definition file. Trouble is postfix has separate files for all its bits. However using the "complain" command makes it easy. root> complain /usr/lib/postfix/* There, now if you look in /etc/apparmor.d/ you'll see all the "usr.lib.postfix.*" files in complain mode. The messages in /var/log/messages will tell you what need to be changed to go back into "enforce" mode. There are also automatic profile generating and extending tools that garner the experience from running in complain. What tripped my postfix up was chrooting the smtpd. First I had to allow chrooting capability, then I had problems because the chrooted process wants to read and write files like /default/* It's really /var/spool/postfix/default/ but the chrooted process doesn't know that. Do I gain anything with chroot once I'm running apparmor? Should I simply tell postfix not to do it? michaelj -- Michael James michael.james@csiro.au System Administrator voice: 02 6246 5040 CSIRO Bioinformatics Facility fax: 02 6246 5166 No matter how much you pay for software, you always get less than you hoped. Unless you pay nothing, then you get more. -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com