[pkg-apparmor] Bug#835826: Bug#835826: apparmor-profiles: usr.lib.dovecot.imap issue?
Christian Boltz
debian-bugs at cboltz.de
Sun Aug 28 18:46:08 UTC 2016
Hello,
Am Sonntag, 28. August 2016, 18:49:15 CEST schrieb Félix Sipma:
> Aug 28 18:42:04 laptop audit[8899]: AVC apparmor="ALLOWED"
> operation="getattr" profile="/usr/lib/dovecot/imap//null-8b//null-8c"
> name="/home/user/mail/dovecot.index.log" pid=8899 comm="imap"
> requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
This (especially the "//null-*" child profiles [1]) means you'll need
aditional exec rules.
To find out what exactly gets executed, can you please post a bigger
section of your audit log, or even the full log? I'm especially looking
for a line with
operation="exec" profile="/usr/lib/dovecot/imap"
(without any "//null-*" in the profile name)
Note that there are two exec levels involved, so we might need to add
more than one an exec rule. This also means that posting your full audit
log (or at least everything dovecot-related after the exec event
described above) can avoid an additional round of updating the profile
and sending fresh logs ;-)
Regards,
Christian Boltz
[1] null-* are temporary profiles for execs that are not permitted in the
profile yet (and will obviously only be created for profiles in
complain mode - in enforce mode, unknown execs gets denied)
--
Kann man KDE1 Anwendungen benutzen? Ich kenne nur noch zusätzlich KDE2,
was ich schrecklich finde, da es sich entweder aufhängt oder langsam
ist. Manchmal auch beides zusammen. KDE3 schafft es wenigstens den
Krashmanager anzuzeigen, wenn ein Programm abstürzt. ;-)
[Ferdinand Ihringer in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20160828/42f23167/attachment.sig>
More information about the pkg-apparmor-team
mailing list