| 2014-03-24 11:24:46 |
Leon |
bug |
|
|
added bug |
| 2014-12-03 13:17:47 |
Jamie Strandboge |
tags |
|
aa-policy |
|
| 2014-12-03 13:17:59 |
Jamie Strandboge |
bug task added |
|
apparmor (Ubuntu) |
|
| 2014-12-03 13:18:09 |
Jamie Strandboge |
affects |
apparmor-profiles |
apparmor |
|
| 2015-04-25 06:55:01 |
Launchpad Janitor |
branch linked |
|
lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain-trusty |
|
| 2015-05-18 15:10:54 |
Steve Beattie |
attachment added |
|
profiles-dovecot-updates-lp1296667.patch https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1296667/+attachment/4399538/+files/profiles-dovecot-updates-lp1296667.patch |
|
| 2015-05-18 15:11:39 |
Steve Beattie |
description |
I'm on Ubuntu 14.04 LTS. Since last week I get these messages:
[11468.257576] type=1400 audit(1395659127.103:38560): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap-login" name="/run/dovecot/config" pid=30971 comm="imap-login" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
[11491.128691] type=1400 audit(1395659149.988:38616): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=30978 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[11551.171186] type=1400 audit(1395659210.056:38853): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/dovecot" pid=31620 comm="dovecot" capability=36 capname="block_suspend"
[11551.171338] type=1400 audit(1395659210.056:38854): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=31630 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
When I then start dovecot I get these in mail.log:
Mar 24 08:42:52 polly dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled)
Mar 24 08:42:52 polly dovecot: master: Fatal: execv(/usr/lib/dovecot/log) failed: No such file or directory
Mar 24 08:42:52 polly dovecot: master: Error: service(anvil): command startup failed, throttling for 2 secs
Mar 24 08:42:52 polly dovecot: master: Error: service(log): child 1387 returned error 84 (exec() failed)
Mar 24 08:42:52 polly dovecot: master: Error: service(log): command startup failed, throttling for 2 secs
Mar 24 08:42:52 polly dovecot: master: Error: service(ssl-params): command startup failed, throttling for 2 secs
Mar 24 08:55:42 polly dovecot: master: Error: service(config): command startup failed, throttling for 2 secs
Mar 24 08:55:42 polly dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
I tried to purge and reinstall apparmor(-profiles) but that didn't fix this issue. I did a aa-disable dovecot and now the errors are gone. |
[impact]
This bug prevents dovecot users from using the apparmor policies shipped
in the apparmor-profiles package without significant modifications.
[steps to reproduce]
1) install and setup dovecot and confirm that it's functioning as
expected
2) install the apparmor-profiles package
3) restart dovecot to ensure apparmor policies are being applied
4) if this bug has been addressed, dovecot should start successfully
without generating apparmor rejections
[regression potential]
The change in the patch for this bug updates the dovecot policy to
match the most recent apparmor release (2.9.2). These add missing
policies, restructure a few things to common abstractions, and grant
additional permissions. Any regressions related to this patch would
be strictly limited to the policy for dovecot.
[original description]
I'm on Ubuntu 14.04 LTS. Since last week I get these messages:
[11468.257576] type=1400 audit(1395659127.103:38560): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap-login" name="/run/dovecot/config" pid=30971 comm="imap-login" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
[11491.128691] type=1400 audit(1395659149.988:38616): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=30978 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[11551.171186] type=1400 audit(1395659210.056:38853): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/dovecot" pid=31620 comm="dovecot" capability=36 capname="block_suspend"
[11551.171338] type=1400 audit(1395659210.056:38854): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=31630 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
When I then start dovecot I get these in mail.log:
Mar 24 08:42:52 polly dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled)
Mar 24 08:42:52 polly dovecot: master: Fatal: execv(/usr/lib/dovecot/log) failed: No such file or directory
Mar 24 08:42:52 polly dovecot: master: Error: service(anvil): command startup failed, throttling for 2 secs
Mar 24 08:42:52 polly dovecot: master: Error: service(log): child 1387 returned error 84 (exec() failed)
Mar 24 08:42:52 polly dovecot: master: Error: service(log): command startup failed, throttling for 2 secs
Mar 24 08:42:52 polly dovecot: master: Error: service(ssl-params): command startup failed, throttling for 2 secs
Mar 24 08:55:42 polly dovecot: master: Error: service(config): command startup failed, throttling for 2 secs
Mar 24 08:55:42 polly dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
I tried to purge and reinstall apparmor(-profiles) but that didn't fix this issue. I did a aa-disable dovecot and now the errors are gone. |
|
| 2015-05-18 16:18:40 |
Ubuntu Foundations Team Bug Bot |
tags |
aa-policy |
aa-policy patch |
|
| 2015-05-18 16:18:47 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
| 2015-05-20 07:44:58 |
Launchpad Janitor |
apparmor (Ubuntu): status |
New |
Fix Released |
|
| 2015-05-24 17:34:11 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/apparmor |
|
| 2015-05-24 17:34:18 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/apparmor |
|
| 2015-06-13 06:43:31 |
Steve Beattie |
attachment added |
|
apparmor_2.8.95~2430-0ubuntu5.3.debdiff https://bugs.launchpad.net/apparmor/+bug/1296667/+attachment/4414174/+files/apparmor_2.8.95%7E2430-0ubuntu5.3.debdiff |
|
| 2015-06-13 06:43:46 |
Steve Beattie |
tags |
aa-policy patch |
aa-policy patch verification-failed |
|
| 2015-06-15 16:46:30 |
Adam Conrad |
nominated for series |
|
Ubuntu Trusty |
|
| 2015-06-15 16:46:30 |
Adam Conrad |
bug task added |
|
apparmor (Ubuntu Trusty) |
|
| 2015-06-15 19:36:21 |
Steve Beattie |
apparmor (Ubuntu Trusty): status |
New |
In Progress |
|
| 2015-06-15 19:36:27 |
Steve Beattie |
apparmor (Ubuntu Trusty): importance |
Undecided |
High |
|
| 2015-06-18 18:18:01 |
Chris J Arges |
tags |
aa-policy patch verification-failed |
aa-policy patch verification-needed |
|
| 2015-06-22 21:26:27 |
Steve Beattie |
apparmor: status |
New |
Fix Released |
|
| 2015-08-07 23:06:35 |
Mathew Hodson |
apparmor (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
| 2015-08-07 23:06:45 |
Mathew Hodson |
tags |
aa-policy patch verification-needed |
aa-policy patch verification-done |
|
| 2015-08-11 21:57:30 |
Launchpad Janitor |
apparmor (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
