[Pkg-giraffe-maintainers] Bug#933761: AppArmor configuration doesn't cover LDAP
Martin Wolf
mwolf at adiumentum.com
Sat Aug 3 00:47:03 BST 2019
Package: kopano-server
Version: 8.7.0-3
The default AppArmor configuration file /etc/apparmor.d/usr.sbin.kopano-server doesn't cover the default LDAP configuration files, which are left by default in /usr/share/kopano/ldap.*.cfg and just included from /etc/kopano/ldap.cfg (which is the Kopano recommendation).
Adding "/usr/share/kopano/ldap.*.cfg r," to /etc/apparmor.d/usr.sbin.kopano-server seems to help.
Error without the modified AppArmor policy:
Aug 3 01:22:19 kernel: [1053287.305384] audit: type=1400 audit(1564788139.240:75): apparmor="DENIED" operation="open" profile="/usr/sbin/kopano-server" name="/usr/share/kopano/ldap.active-directory.cfg" pid=25904 comm=7A2D733A20 requested_mask= "r" denied_mask="r" fsuid=110 ouid=0
Linux 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u1 (2019-07-19) x86_64 GNU/Linux
More information about the Pkg-giraffe-maintainers
mailing list