Helmut K. C. Tessarek
2018-Apr-04 06:44 UTC
issue with sieve forwarding after upgrade to 0.5.1
On 2018-04-04 01:54, B. Reino wrote:
> The new systemd service file has NoNewPrivileges set to true. You need
> to override that to false and then it should work again.

It seems that the NoNewPrivileges option messes with several things. PAM
authentication stopped working as well besides the fact that
CAP_AUDIT_WRITE is also missing in CapabilityBoundingSet.

I've opened a pull request https://github.com/dovecot/core/pull/71

Although I removed NoNewPrivileges altogether, since I didn't know what to
write in the comment. The only thing I could think of was something along
the lines:

    # If you want most things to stop working, set this to true

I thought this would be rather counterproductive, thus I removed it.

Maybe somebody else could enlighten me who came up with this default
setting and why it was set to true in the first place.

Cheers,
  K. C.

--
regards Helmut K. C. Tessarek              KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/
We are thinking that we remove both this and CapabilityBoundingSet in next release, so feel free to remove them from the unit file.

---
Aki Tuomi
Dovecot oy
Helmut K. C. Tessarek
2018-Apr-04 15:16 UTC
issue with sieve forwarding after upgrade to 0.5.1
On 2018-04-04 03:09, Aki Tuomi wrote:
> We are thinking that we remove both this and CapabilityBoundingSet in
> next release, so feel free to remove them from the unit file.

Thanks for the info.

Cheers,
  K. C.
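The override discussed in this thread, written as a systemd drop-in so the packaged unit file stays untouched. This is an added example, not part of the original messages or of Dovecot's own files; the unit name `dovecot.service`, the drop-in directory, the file name `override.conf` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: drop-in for the two settings named in the thread.
# Assumed: unit name dovecot.service, drop-ins under /etc/systemd/system.

UNIT="${UNIT:-dovecot.service}"

# Write the drop-in into directory $1 (default: the system drop-in directory).
write_override() {
    dir="${1:-/etc/systemd/system/$UNIT.d}"
    mkdir -p "$dir" || return 1
    cat > "$dir/override.conf" <<'EOF'
[Service]
# With NoNewPrivileges=true, helpers executed by the service cannot gain
# privileges through setuid/setgid bits or file capabilities.
NoNewPrivileges=false
# Repeated CapabilityBoundingSet= lines are merged, so this adds
# CAP_AUDIT_WRITE to the set from the packaged unit instead of replacing it.
CapabilityBoundingSet=CAP_AUDIT_WRITE
EOF
}

# Reload systemd, restart the unit and print the effective values.
# Needs root and a running systemd, so it is not called automatically.
apply_and_verify() {
    systemctl daemon-reload &&
    systemctl restart "$UNIT" &&
    systemctl show "$UNIT" -p NoNewPrivileges -p CapabilityBoundingSet
}
```

Run `write_override` and then `apply_and_verify` as root; the `systemctl show` output should report `NoNewPrivileges=no` and a bounding set that includes the audit-write capability.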