[Pkg-giraffe-maintainers] Bug#933761: AppArmor configuration doesn't cover LDAP

Martin Wolf mwolf at adiumentum.com
Sat Aug 3 00:47:03 BST 2019


Package: kopano-server
Version: 8.7.0-3

The default AppArmor configuration file /etc/apparmor.d/usr.sbin.kopano-server doesn't cover the default LDAP configuration files, which are left by default in /usr/share/kopano/ldap.*.cfg and just included from /etc/kopano/ldap.cfg (which is the Kopano recommendation).

Adding "/usr/share/kopano/ldap.*.cfg r," to /etc/apparmor.d/usr.sbin.kopano-server seems to help.

Error without the modified AppArmor policy:
 
Aug  3 01:22:19 kernel: [1053287.305384] audit: type=1400 audit(1564788139.240:75): apparmor="DENIED" operation="open" profile="/usr/sbin/kopano-server" name="/usr/share/kopano/ldap.active-directory.cfg" pid=25904 comm=7A2D733A20 requested_mask= "r" denied_mask="r" fsuid=110 ouid=0

Linux 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u1 (2019-07-19) x86_64 GNU/Linux



More information about the Pkg-giraffe-maintainers mailing list