Apparmor complains about multiple /run/dovecot file access

Bug #1512131 reported by luca
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
AppArmor | Fix Released | Undecided | Unassigned |
2.10 | Fix Released | Undecided | Unassigned |
2.9 | Fix Released | Undecided | Unassigned |
apparmor (Ubuntu) | Fix Released | Low | Unassigned |
Nominated for Artful by Andreas Hasenack
Nominated for Xenial by Andreas Hasenack

Bug Description

Hi, since I upgraded from XUbuntu 15.04 to 15.10 I started to get a lot of apparmor complaints about dovecot. The complaints were more or less like this:

operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/auth-worker" comm="auth" requested_mask="wr" denied_mask="wr" fsuid=117 ouid=117
operation="file_perm" profile="/usr/lib/dovecot/anvil" name="/run/dovecot/anvil-auth-penalty" comm="anvil" requested_mask="r" denied_mask="r" fsuid=117 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/anvil" name="/run/dovecot/anvil" comm="anvil" requested_mask="r" denied_mask="r" fsuid=117 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/anvil" name="/run/dovecot/anvil" comm="anvil" requested_mask="w" denied_mask="w" fsuid=117 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/auth-master" comm="auth" requested_mask="w" denied_mask="w" fsuid=117 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/auth-worker" comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=117
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/auth-worker" comm="auth" requested_mask="w" denied_mask="w" fsuid=117 ouid=117
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/login/login" comm="auth" requested_mask="r" denied_mask="r" fsuid=117 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/login/login" comm="auth" requested_mask="w" denied_mask="w" fsuid=117 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/login/imap" comm="imap" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/imap" name="/run/dovecot/login/imap" comm="imap" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
operation="file_perm" profile="/usr/lib/dovecot/ssl-params" name="/run/dovecot/login/ssl-params" comm="ssl-params" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
operation="file_receive" profile="/usr/lib/dovecot/imap" comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
operation="file_receive" profile="/usr/lib/dovecot/imap-login" comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap"
operation="signal" profile="/usr/sbin/dovecot" comm="dovecot" requested_mask="send" denied_mask="send" signal=int peer="/usr/lib/dovecot/auth"

To avoid them, I added some stuff to the /etc/apparmor.d/local directory, patch attached.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: dovecot-core 1:2.2.18-2ubuntu2
ProcVersionSignature: Ubuntu 4.2.0-17.21-generic 4.2.3
Uname: Linux 4.2.0-17-generic x86_64
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
CurrentDesktop: XFCE
Date: Sun Nov 1 19:42:56 2015
InstallationDate: Installed on 2012-11-11 (1085 days ago)
InstallationMedia: Xubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.1)
SourcePackage: dovecot
UpgradeStatus: Upgraded to wily on 2015-11-01 (0 days ago)
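
A way to triage denial records like the ones in the report above before writing local overrides, as an added example that is not part of the original report or of the attached patch: it merges the denied masks per profile and target and renders candidate rule lines for review. The function names are hypothetical, and the rendered rule forms are an assumption about what a reviewer would start from, not the fix that was committed upstream.

```python
import shlex
from collections import defaultdict

# Four of the denial records quoted in the report, used here as sample input.
SAMPLE = '''\
operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/auth-worker" comm="auth" requested_mask="wr" denied_mask="wr" fsuid=117 ouid=117
operation="file_perm" profile="/usr/lib/dovecot/auth" name="/run/dovecot/auth-worker" comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=117
operation="file_receive" profile="/usr/lib/dovecot/imap" comm="imap" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/dovecot/imap-login"
operation="signal" profile="/usr/sbin/dovecot" comm="dovecot" requested_mask="send" denied_mask="send" signal=int peer="/usr/lib/dovecot/auth"
'''

def parse(line):
    """One record -> dict; shlex keeps quoted values such as "send receive" whole."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def summarise(text):
    """Group denials by profile and merge masks per target, so each need appears once."""
    need = defaultdict(lambda: defaultdict(set))
    for rec in (parse(l) for l in text.splitlines() if l.strip()):
        mask = rec.get("denied_mask", "")
        if "name" in rec:                       # path denial: mask is a string of letters
            key, perms = ("file", rec["name"]), set(mask)
        elif rec.get("family") == "unix":       # socket shared between confined peers
            key, perms = ("unix", rec.get("sock_type", ""), rec.get("peer", "")), set(mask.split())
        elif rec.get("operation") == "signal":
            key, perms = ("signal", rec.get("signal", ""), rec.get("peer", "")), set(mask.split())
        else:
            continue                            # unrecognised record: review by hand
        need[rec.get("profile", "?")][key] |= perms
    return need

def candidate_rules(need):
    """Render merged needs as rule lines per profile; 'x' is skipped (needs a transition mode)."""
    out = {}
    for profile, items in sorted(need.items()):
        rules = out.setdefault(profile, [])
        for key, perms in sorted(items.items()):
            if key[0] == "file":
                letters = "".join(p for p in "rwamlk" if p in perms)
                if letters:
                    rules.append(f"{key[1]} {letters},")
            elif key[0] == "unix":
                rules.append(f"unix ({', '.join(sorted(perms))}) type={key[1]} peer=(label={key[2]}),")
            else:
                rules.append(f"signal ({', '.join(sorted(perms))}) set=({key[1]}) peer={key[2]},")
    return out

if __name__ == "__main__":
    print(candidate_rules(summarise(SAMPLE)))
```

Each rendered line is a starting point to read against what the daemon is expected to do; anything that looks broader than the service needs is a reason to investigate the denial rather than allow it.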

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch for local files" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Mathew Hodson (mhodson)
Changed in dovecot (Ubuntu):
importance: Undecided → Low
affects: dovecot (Ubuntu) → apparmor (Ubuntu)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Nathaniel Homier (mechamechanism) wrote :

This still happens as of 16.10 with all updates applied.

Christian Boltz (cboltz) wrote :

Committed to AppArmor bzr - trunk r3627, 2.10 branch r3383 and 2.9 branch r3048.

Fixing the Ubuntu packages is not my job ;-)

Changed in apparmor:
status: New → Fix Committed
milestone: none → 2.11.1
Changed in apparmor:
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote :

Confirmed this is not yet in xenial (16.04), but bionic (18.04) has it.

Andreas Hasenack (ahasenack) wrote :

Artful (17.10) also does not have it.

Changed in apparmor (Ubuntu):
status: Confirmed → Fix Released
Andreas Hasenack (ahasenack) wrote :

Fix released in bionic.
