touch-packages team mailing list archive
  
  - 
     touch-packages team touch-packages team
- 
    Mailing list archive
  
- 
    Message #58652
  
 [Bug 997269] Re: dovecot imap broken by apparmor	policy
  
Hm, a fix was released... Can we have more info on what was fixed in apparmor itself ?  (which commit, and which ubuntu/debian package/version) ?
My server is in 12.04.1 LTS and I don't want to upgrade the whole system it only for this, so I need more info.
I just upgraded my apparmor package from 2.7.102-0ubuntu3.7 to
2.7.102-0ubuntu3.10 ... But the changelog does not seem to list this bug
as fixed::
  * 0022-aa-logprof-PUx_rewrite_fix-lp982619.patch: fix aa-logprof
    rewrite of PUx modes (LP: #982619)
  * 0023-lp1091642-parser-reset_matchflags.patch: prevent reuse of
    matchflags in parser dfa backend and add testcase demonstrating
    the problem (LP: #1091642)
  * 0024-profiles-allow_exo-open-lp987578.patch: allow exo-open to work
    within ubuntu-integration (LP: #987578)
Also, the current bug thread is not clear about if this is related to
apparmor-profile or to an apparmor bug.
But, I don't have any apparmor-profile package installed and I am
experiencing this issue randomly.
Namely:
Feb 26 10:45:36 mail dovecot: imap(foobar): Error: fcntl(unlock) locking failed for file /home/foobar/.mail/dovecot.index.log: No such file or directory 
Feb 26 10:45:36 mail dovecot: imap(foobar): Error: fstat() failed with file /home/foobar/.mail/dovecot.index.log: No such file or directory
Feb 26 10:47:00  dovecot: last message repeated 15 times
Many thanks if anybody as any info on this topic.
-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/997269
Title:
  dovecot imap broken by apparmor policy
Status in apparmor package in Ubuntu:
  Fix Released
Status in dovecot package in Ubuntu:
  Invalid
Status in apparmor package in Debian:
  Fix Released
Bug description:
  Syslog output:
  Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fcntl(unlock) locking failed for file /home/foobar/Maildir/dovecot.index.log: No such file or directory
  Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fstat() failed with file /home/foobar/Maildir/dovecot.index.log: No such file or directory
  Apr 29 10:59:37  dovecot: last message repeated 122 times
  Apr 29 11:00:38  dovecot: last message repeated 248 times
  Apr 29 11:01:54  dovecot: last message repeated 203 times
  audit.log, lots of entries similar to the following:
  type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED"
  operation="getattr" parent=10922 profile="/usr/sbin/dovecot//null-107
  //null-10b//null-118"
  name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937
  comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
  The apparmor policy is as shipped with 12.04. The strange thing here
  is that audit.log says that the access was allowed and the apparmor
  policy has "flags=(complain)", but the imap server still fails
  accessing some files in the Maildir folders.
  Workaround:
  # ln -s /etc/apparmor.d/usr.sbin.dovecot /etc/apparmor.d/disable/
  After disabling the usr.sbin.dovecot apparmor policy everything works
  fine. There is no need to disable the "usr.lib.dovecot.imap" policy.
  It looks like the imap process is incorrectly running under the
  dovecot main daemon's apparmor profile. And for some odd reason the
  profile is enforcing things even though it should be in "complain"
  mode. What are these "//null-NNN/" strings in the logged apparmor
  profile name? I do not know apparmor well enough to debug this further
  at this point.
  Someone else has encountered this also, see thread at:
  http://comments.gmane.org/gmane.mail.imap.dovecot/60533
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: dovecot-imapd 1:2.0.19-0ubuntu1
  ProcVersionSignature: User Name 3.2.0-24.37-virtual 3.2.14
  Uname: Linux 3.2.0-24-virtual x86_64
  ApportVersion: 2.0.1-0ubuntu7
  Architecture: amd64
  Date: Wed May  9 18:36:11 2012
  ProcEnviron:
   SHELL=/bin/bash
   TERM=screen
   LANG=en_US.UTF-8
  SourcePackage: dovecot
  UpgradeStatus: Upgraded to precise on 2012-04-27 (12 days ago)
  --- 
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  DistroRelease: Ubuntu 12.04
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
  Package: apparmor 2.7.102-0ubuntu3.1
  PackageArchitecture: amd64
  ProcEnviron:
   TERM=linux
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.2.0-23-generic root=UUID=7e6df5b7-d31e-4757-a388-f4f477187a63 ro
  ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
  Tags:  precise
  Uname: Linux 3.2.0-23-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/997269/+subscriptions