2012-05-09 18:54:57 |
Janne Snabb |
bug |
|
|
added bug |
2012-05-09 19:57:06 |
Janne Snabb |
bug task added |
|
apparmor (Ubuntu) |
|
2012-05-15 05:58:32 |
Robie Basak |
dovecot (Ubuntu): importance |
Undecided |
High |
|
2012-05-16 20:30:09 |
Hasse Hagen Johansen |
bug |
|
|
added subscriber Hasse Hagen Johansen |
2012-05-21 08:17:24 |
Launchpad Janitor |
apparmor (Ubuntu): status |
New |
Confirmed |
|
2012-05-21 08:17:24 |
Launchpad Janitor |
dovecot (Ubuntu): status |
New |
Confirmed |
|
2012-05-21 08:18:09 |
Milan |
bug |
|
|
added subscriber Milan |
2012-07-06 19:59:46 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Confirmed |
Incomplete |
|
2012-07-06 19:59:51 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Incomplete |
Confirmed |
|
2012-07-06 20:01:34 |
Jamie Strandboge |
dovecot (Ubuntu): status |
Confirmed |
Invalid |
|
2012-07-06 20:01:38 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Confirmed |
Incomplete |
|
2012-07-08 13:43:34 |
Janne Snabb |
tags |
amd64 apport-bug precise |
amd64 apport-bug apport-collected precise |
|
2012-07-08 13:43:37 |
Janne Snabb |
description |
Syslog output:
Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fcntl(unlock) locking failed for file /home/foobar/Maildir/dovecot.index.log: No such file or directory
Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fstat() failed with file /home/foobar/Maildir/dovecot.index.log: No such file or directory
Apr 29 10:59:37 dovecot: last message repeated 122 times
Apr 29 11:00:38 dovecot: last message repeated 248 times
Apr 29 11:01:54 dovecot: last message repeated 203 times
audit.log, lots of entries similar to the following:
type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED" operation="getattr" parent=10922 profile="/usr/sbin/dovecot//null-107//null-10b//null-118" name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
The apparmor policy is as shipped with 12.04. The strange thing here is that audit.log says that the access was allowed and the apparmor policy has "flags=(complain)", but the imap server still fails accessing some files in the Maildir folders.
Workaround:
# ln -s /etc/apparmor.d/usr.sbin.dovecot /etc/apparmor.d/disable/
After disabling the usr.sbin.dovecot apparmor policy everything works fine. There is no need to disable the "usr.lib.dovecot.imap" policy.
It looks like the imap process is incorrectly running under the dovecot main daemon's apparmor profile. And for some odd reason the profile is enforcing things even though it should be in "complain" mode. What are these "//null-NNN/" strings in the logged apparmor profile name? I do not know apparmor well enough to debug this further at this point.
Someone else has encountered this also, see thread at:
http://comments.gmane.org/gmane.mail.imap.dovecot/60533
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: dovecot-imapd 1:2.0.19-0ubuntu1
ProcVersionSignature: User Name 3.2.0-24.37-virtual 3.2.14
Uname: Linux 3.2.0-24-virtual x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Wed May 9 18:36:11 2012
ProcEnviron:
SHELL=/bin/bash
TERM=screen
LANG=en_US.UTF-8
SourcePackage: dovecot
UpgradeStatus: Upgraded to precise on 2012-04-27 (12 days ago) |
Syslog output:
Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fcntl(unlock) locking failed for file /home/foobar/Maildir/dovecot.index.log: No such file or directory
Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fstat() failed with file /home/foobar/Maildir/dovecot.index.log: No such file or directory
Apr 29 10:59:37 dovecot: last message repeated 122 times
Apr 29 11:00:38 dovecot: last message repeated 248 times
Apr 29 11:01:54 dovecot: last message repeated 203 times
audit.log, lots of entries similar to the following:
type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED" operation="getattr" parent=10922 profile="/usr/sbin/dovecot//null-107//null-10b//null-118" name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
The apparmor policy is as shipped with 12.04. The strange thing here is that audit.log says that the access was allowed and the apparmor policy has "flags=(complain)", but the imap server still fails accessing some files in the Maildir folders.
Workaround:
# ln -s /etc/apparmor.d/usr.sbin.dovecot /etc/apparmor.d/disable/
After disabling the usr.sbin.dovecot apparmor policy everything works fine. There is no need to disable the "usr.lib.dovecot.imap" policy.
It looks like the imap process is incorrectly running under the dovecot main daemon's apparmor profile. And for some odd reason the profile is enforcing things even though it should be in "complain" mode. What are these "//null-NNN/" strings in the logged apparmor profile name? I do not know apparmor well enough to debug this further at this point.
Someone else has encountered this also, see thread at:
http://comments.gmane.org/gmane.mail.imap.dovecot/60533
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: dovecot-imapd 1:2.0.19-0ubuntu1
ProcVersionSignature: User Name 3.2.0-24.37-virtual 3.2.14
Uname: Linux 3.2.0-24-virtual x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Wed May 9 18:36:11 2012
ProcEnviron:
SHELL=/bin/bash
TERM=screen
LANG=en_US.UTF-8
SourcePackage: dovecot
UpgradeStatus: Upgraded to precise on 2012-04-27 (12 days ago)
---
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
DistroRelease: Ubuntu 12.04
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
Package: apparmor 2.7.102-0ubuntu3.1
PackageArchitecture: amd64
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-3.2.0-23-generic root=UUID=7e6df5b7-d31e-4757-a388-f4f477187a63 ro
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Tags: precise
Uname: Linux 3.2.0-23-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: |
|
2012-07-08 13:43:38 |
Janne Snabb |
attachment added |
|
ApparmorPackages.txt https://bugs.launchpad.net/bugs/997269/+attachment/3216655/+files/ApparmorPackages.txt |
|
2012-07-08 13:43:41 |
Janne Snabb |
attachment added |
|
ApparmorStatusOutput.txt https://bugs.launchpad.net/bugs/997269/+attachment/3216656/+files/ApparmorStatusOutput.txt |
|
2012-07-08 13:43:43 |
Janne Snabb |
attachment added |
|
Dependencies.txt https://bugs.launchpad.net/bugs/997269/+attachment/3216657/+files/Dependencies.txt |
|
2012-07-08 13:43:47 |
Janne Snabb |
attachment added |
|
KernLog.txt https://bugs.launchpad.net/bugs/997269/+attachment/3216658/+files/KernLog.txt |
|
2012-07-08 13:43:49 |
Janne Snabb |
attachment added |
|
PstreeP.txt https://bugs.launchpad.net/bugs/997269/+attachment/3216659/+files/PstreeP.txt |
|
2012-07-26 22:26:59 |
Björn Torkelsson |
bug |
|
|
added subscriber Björn Torkelsson |
2012-09-25 04:18:59 |
Launchpad Janitor |
apparmor (Ubuntu): status |
Incomplete |
Expired |
|
2012-09-25 18:18:04 |
Janne Snabb |
apparmor (Ubuntu): status |
Expired |
Confirmed |
|
2014-03-24 14:28:53 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Confirmed |
Incomplete |
|
2014-03-27 20:04:10 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
2014-06-10 04:19:13 |
Launchpad Janitor |
apparmor (Ubuntu): status |
Incomplete |
Expired |
|
2014-07-14 12:21:20 |
1x6PY78 |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732184 |
|
2014-07-14 12:21:20 |
1x6PY78 |
bug task added |
|
apparmor (Debian) |
|
2014-07-14 13:48:57 |
Bug Watch Updater |
apparmor (Debian): status |
Unknown |
Confirmed |
|
2014-07-14 14:04:08 |
1x6PY78 |
apparmor (Ubuntu): status |
Expired |
Incomplete |
|
2014-10-08 22:58:22 |
Jamie Strandboge |
apparmor (Ubuntu): status |
Incomplete |
Fix Released |
|
2014-10-19 09:50:50 |
Bug Watch Updater |
apparmor (Debian): status |
Confirmed |
Fix Released |
|