dove-lda apparmor profile prevents lda indexing from working

Bug #1631137 reported by Hasse Hagen Johansen on 2016-10-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Unassigned

Bug Description

Hi

I had the the full text indexing failing with(every time I received a mail):

Oct 6 21:31:02 pris dovecot: lda(hhj): Error: net_connect_unix(/var/run/dovecot/indexer) failed: Permission denied

It seems he profile doesn't allow connecting to the unix socket /var/run/dovecot/indexer

/etc/apparmor.d/usr.lib.dovecot.dovecot-lda

Disabling apparmor for dovecot-lda seems to have fixed the problem. Like this:

aa-disable /usr/lib/dovecot/dovecot-lda

I will change the profile locally on my machine (a little crude to just disable it) to allow for connecting to the indexing socket, but maybe that should also be fixed in the apparor-profiles package

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor-profiles 2.10.95-0ubuntu2.2
ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19
Uname: Linux 4.4.0-38-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Thu Oct 6 22:01:15 2016
InstallationDate: Installed on 2011-06-24 (1930 days ago)
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Release amd64 (20110426)
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.4.0-38-generic root=/dev/mapper/miyagi-root ro quiet splash vt.handoff=7
SourcePackage: apparmor
Syslog:

UpgradeStatus: Upgraded to xenial on 2016-04-29 (160 days ago)

Seth Arnold (seth-arnold) wrote :

Hasse, could you please share the rules you add to your profiles, once you're finished?

Thanks

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers