touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #84180
[Bug 1296667] Re: dovecot/apparmor: profile not found
I agree with Steve that this SRU should proceed despite the verification
for this bug failing. As Steve mentioned, there are no new regressions
caused by this failed verification. The bug is simply not fixed yet.
This SRU addresses a large number of other issues that are greatly
impacting 14.04 users and it would be unfortunate if they had to wait
longer for the fixes provided by this SRU.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1296667
Title:
dovecot/apparmor: profile not found
Status in AppArmor Linux application security framework:
New
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
[impact]
This bug prevents dovecot users from using the apparmor policies shipped
in the apparmor-profiles package without significant modifications.
[steps to reproduce]
1) install and setup dovecot and confirm that it's functioning as
expected
2) install the apparmor-profiles package
3) restart dovecot to ensure apparmor policies are being applied
4) if this bug has been addressed, dovecot should start successfully
without generating apparmor rejections
[regression potential]
The change in the patch for this bug updates the dovecot policy to
match the most recent apparmor release (2.9.2). These add missing
policies, restructure a few things to common abstractions, and grant
additional permissions. Any regressions related to this patch would
be strictly limited to the policy for dovecot.
[original description]
I'm on Ubuntu 14.04 LTS. Since last week I get these messages:
[11468.257576] type=1400 audit(1395659127.103:38560): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap-login" name="/run/dovecot/config" pid=30971 comm="imap-login" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
[11491.128691] type=1400 audit(1395659149.988:38616): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=30978 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[11551.171186] type=1400 audit(1395659210.056:38853): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/dovecot" pid=31620 comm="dovecot" capability=36 capname="block_suspend"
[11551.171338] type=1400 audit(1395659210.056:38854): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=31630 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
When I then start dovecot I get these in mail.log:
Mar 24 08:42:52 polly dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled)
Mar 24 08:42:52 polly dovecot: master: Fatal: execv(/usr/lib/dovecot/log) failed: No such file or directory
Mar 24 08:42:52 polly dovecot: master: Error: service(anvil): command startup failed, throttling for 2 secs
Mar 24 08:42:52 polly dovecot: master: Error: service(log): child 1387 returned error 84 (exec() failed)
Mar 24 08:42:52 polly dovecot: master: Error: service(log): command startup failed, throttling for 2 secs
Mar 24 08:42:52 polly dovecot: master: Error: service(ssl-params): command startup failed, throttling for 2 secs
Mar 24 08:55:42 polly dovecot: master: Error: service(config): command startup failed, throttling for 2 secs
Mar 24 08:55:42 polly dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
I tried to purge and reinstall apparmor(-profiles) but that didn't fix
this issue. I did a aa-disable dovecot and now the errors are gone.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions
