Ubuntu
apparmor package

  1. Bug #1652131
  2. Activity log

Activity log for bug #1652131

Date Who What changed Old value New value Message
2016-12-22 18:27:26 Nathaniel Homier bug added bug
2016-12-22 18:29:40 Nathaniel Homier attachment added apparmor profile https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1652131/+attachment/4795379/+files/usr.lib.dovecot.auth
2016-12-22 18:30:26 Nathaniel Homier description Installing Postfix and Dovecot and setting them up as explained at https://help.ubuntu.com/lts/serverguide/postfix.html Then setting all apparmor profiles including Postfix and Dovecot to enforce mode. Postfix fails to send a TLS protected email because Dovecot can't connect to /var/spool/postfix/auth/private because when Dovecot's apparmor profile is set to enforce mode, apparmor denies Dovecot access to /var/spool/postfix/auth/private. Syslog apparmor="DENIED" operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" pid=8251 comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/stats-user" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130 apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130 Dec 22 10:38:20 frontier postfix/master[1516]: warning: process /usr/lib/postfix/sbin/smtpd pid 8248 exit status 1 lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.10 Release: 16.10 Codename: yakkety Installing Postfix and Dovecot and setting them up as explained at https://help.ubuntu.com/lts/serverguide/postfix.html Then setting all apparmor profiles including Postfix and Dovecot to enforce mode. Postfix fails to send a TLS protected email because Dovecot can't connect to /var/spool/postfix/auth/private because when Dovecot's apparmor profile is set to enforce mode, apparmor denies Dovecot access to /var/spool/postfix/auth/private. Syslog apparmor="DENIED" operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" pid=8251 comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/stats-user" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130 apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130 Dec 22 10:38:20 frontier postfix/master[1516]: warning: process /usr/lib/postfix/sbin/smtpd pid 8248 exit status 1
2016-12-22 18:31:15 Nathaniel Homier summary Putting Apparmor profile usr.lib.dovecot.auth into enforce mode blocks access to /var/spool/private/auth so Postfix and Dovecot can't send TLS protected emails Putting Apparmor profile usr.lib.dovecot.auth into enforce mode blocks access to /var/spool/private/auth for Dovecot
2016-12-22 19:04:34 Nathaniel Homier affects dpkg (Ubuntu) apparmor (Ubuntu)
2016-12-25 12:04:04 Christian Boltz bug task added apparmor
2016-12-25 12:04:10 Christian Boltz apparmor: assignee Christian Boltz (cboltz)
2016-12-27 16:48:41 Christian Boltz apparmor: status New Fix Committed
2016-12-27 16:48:44 Christian Boltz apparmor: milestone 2.11
2016-12-27 16:50:33 Christian Boltz nominated for series apparmor/2.9
2016-12-27 16:50:33 Christian Boltz bug task added apparmor/2.9
2016-12-27 16:50:33 Christian Boltz nominated for series apparmor/2.10
2016-12-27 16:50:33 Christian Boltz bug task added apparmor/2.10
2016-12-27 16:50:40 Christian Boltz apparmor/2.10: status New Fix Committed
2016-12-27 16:50:44 Christian Boltz apparmor/2.10: milestone 2.10.2
2016-12-27 16:50:47 Christian Boltz apparmor/2.9: status New Fix Committed
2016-12-27 16:50:50 Christian Boltz apparmor/2.9: milestone 2.9.4
2016-12-27 16:50:57 Christian Boltz apparmor/2.10: assignee Christian Boltz (cboltz)
2016-12-27 16:50:59 Christian Boltz apparmor/2.9: assignee Christian Boltz (cboltz)
2017-01-10 20:40:52 Christian Boltz apparmor: status Fix Committed Fix Released
2017-01-10 20:40:55 Christian Boltz apparmor/2.10: status Fix Committed Fix Released
2017-01-10 20:40:58 Christian Boltz apparmor/2.9: status Fix Committed Fix Released
2017-06-30 22:16:09 Launchpad Janitor apparmor (Ubuntu): status New Confirmed