touch-packages team mailing list archive

Thread
Date
[Bug 1296667] Re: dovecot/apparmor: profile not found

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1296667@xxxxxxxxxxxxxxxxxx>
Date: Wed, 20 May 2015 07:44:58 -0000
Reply-to: Bug 1296667 <1296667@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apparmor - 2.9.2-0ubuntu1

---------------
apparmor (2.9.2-0ubuntu1) wily; urgency=medium

  * Update to apparmor 2.9.2
    - Fix minitools to work with multiple profiles at once (LP: #1378095)
    - Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
    - Update dovecot profiles (LP: #1296667)
    - Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
  * dropped patches incorporated upstream:
    add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
    parser-fix_modifier_compilation_+_tests.patch,
    tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch,
    GDM_X_authority-lp1432126.patch, and
    debian/patches/easyprof-framework-policy.patch
  * Partial merge with debian apparmor package:
    - debian/rules: enable the bindnow hardening flag during build.
    - debian/upstream/signing-key.asc: add new upstream public
      signing key
    - debian/watch: fix watch file, add gpg signature checking
    - install libapparmor.so dev symlink under /usr not /lib
    - debian/patches/reproducible-pdf.patch: make techdoc.pdf
      reproducible even in face of timezone variations.
    - debian/control: sync fields
    - debian/debhelper/postrm-apparmor: remove
      /etc/apparmor.d/{disable,} on package purge
    - debian/libapache2-mod-apparmor.postrm: on package purge, delete
      /etc/apparmor.d/{,disable} if empty
    - debian/libapparmor1.symbols: Use Build-Depends-Package in the
      symbols file.
    - debian/copyright: sync

 -- Steve Beattie <sbeattie@xxxxxxxxxx>  Mon, 11 May 2015 22:03:04 -0700

** Changed in: apparmor (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1296667

Title:
  dovecot/apparmor: profile not found

Status in AppArmor Linux application security framework:
  New
Status in apparmor package in Ubuntu:
  Fix Released

Bug description:
  [impact]

  This bug prevents dovecot users from using the apparmor policies shipped
  in the apparmor-profiles package without significant modifications.

  [steps to reproduce]

  1) install and setup dovecot and confirm that it's functioning as
     expected
  2) install the apparmor-profiles package
  3) restart dovecot to ensure apparmor policies are being applied
  4) if this bug has been addressed, dovecot should start successfully
     without generating apparmor rejections

  [regression potential]

  The change in the patch for this bug updates the dovecot policy to
  match the most recent apparmor release (2.9.2). These add missing
  policies, restructure a few things to common abstractions, and grant
  additional permissions. Any regressions related to this patch would
  be strictly limited to the policy for dovecot.

  [original description]

  I'm on Ubuntu 14.04 LTS. Since last week I get these messages:

  [11468.257576] type=1400 audit(1395659127.103:38560): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap-login" name="/run/dovecot/config" pid=30971 comm="imap-login" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
  [11491.128691] type=1400 audit(1395659149.988:38616): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=30978 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
  [11551.171186] type=1400 audit(1395659210.056:38853): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/dovecot" pid=31620 comm="dovecot" capability=36  capname="block_suspend"
  [11551.171338] type=1400 audit(1395659210.056:38854): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=31630 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

  When I then start dovecot I get these in mail.log:

  Mar 24 08:42:52 polly dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled)
  Mar 24 08:42:52 polly dovecot: master: Fatal: execv(/usr/lib/dovecot/log) failed: No such file or directory
  Mar 24 08:42:52 polly dovecot: master: Error: service(anvil): command startup failed, throttling for 2 secs
  Mar 24 08:42:52 polly dovecot: master: Error: service(log): child 1387 returned error 84 (exec() failed)
  Mar 24 08:42:52 polly dovecot: master: Error: service(log): command startup failed, throttling for 2 secs
  Mar 24 08:42:52 polly dovecot: master: Error: service(ssl-params): command startup failed, throttling for 2 secs
  Mar 24 08:55:42 polly dovecot: master: Error: service(config): command startup failed, throttling for 2 secs
  Mar 24 08:55:42 polly dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs

  I tried to purge and reinstall apparmor(-profiles) but that didn't fix
  this issue. I did a aa-disable dovecot and now the errors are gone.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions