[pkg-apparmor] Bug#887591: apparmor-profiles: dovecot capname="dac_read_search"
intrigeri
intrigeri at debian.org
Thu Jan 18 16:56:58 UTC 2018
Control: severity -1 minor
Hi Félix,
Félix Sipma:
> I found the following line in my logs:
> Jan 18 11:02:04 laptop kernel: audit: type=1400 audit(1516269724.065:84):
> apparmor="ALLOWED" operation="capable" profile="/usr/lib/dovecot/lmtp" pid=17621
> comm="lmtp" capability=2 capname="dac_read_search"
OK, thanks. This should be harmless: the operation is not blocked
under complain mode ("ALLOWED").
To be frank I'll take it easy on such issues until we decide if we
should be shipping this profile in /etc at all on Debian (#830502).
If you're annoyed by these warnings in the logs you can fully disable
the profile with aa-disable. If you actually want to confine dovecot
with AppArmor, great: please report this bug upstream
(https://launchpad.net/apparmor); the fix should be a one-liner.
Cheers,
--
intrigeri
More information about the pkg-apparmor-team
mailing list