Hello, I think I submitted this before, but I am not sure this has been addressed I am using AppArmor with Dovecot, without any issue. However, I think there is a bug in the indexer working, from what I can see, a missing trailing slash. See: ------------ Dec 09 14:35:53 portal2 kernel: audit: type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 ------------ The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. Can someone double check the code of the indexer worker, or this has been fixed? Thanks, Andr? -- https://github.com/progmaticltd/homebox
On 9 Dec 2018, at 16.44, Andr? Rodier via dovecot <dovecot at dovecot.org> wrote:> > Hello, > > I think I submitted this before, but I am not sure this has been addressed > > I am using AppArmor with Dovecot, without any issue. > > However, I think there is a bug in the indexer working, from what I can see, a missing trailing slash. See: > > ------------ > Dec 09 14:35:53 portal2 kernel: audit: type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 > ------------ > > The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. > > Can someone double check the code of the indexer worker, or this has been fixed?Dovecot is definitely not trying to open that file itself. It has to be libc or some other library. I also can't think of anything special in indexer-worker compared to other Dovecot binaries that could cause this. What's your doveconf -n?
On 2018-12-09 23:13, Timo Sirainen wrote:> On 9 Dec 2018, at 16.44, Andr? Rodier via dovecot <dovecot at dovecot.org> > wrote: >> >> Hello, >> >> I think I submitted this before, but I am not sure this has been >> addressed >> >> I am using AppArmor with Dovecot, without any issue. >> >> However, I think there is a bug in the indexer working, from what I >> can see, a missing trailing slash. See: >> >> ------------ >> Dec 09 14:35:53 portal2 kernel: audit: type=1400 >> audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" >> info="Failed name lookup - disconnected path" error=-13 >> profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" >> pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" >> fsuid=1001 ouid=0 >> ------------ >> >> The indexer worker is trying to open the file "var/cache/nscd/hosts" >> instead of "/var/cache/nscd/hosts", which of course fails. >> >> Can someone double check the code of the indexer worker, or this has >> been fixed? > > Dovecot is definitely not trying to open that file itself. It has to > be libc or some other library. I also can't think of anything special > in indexer-worker compared to other Dovecot binaries that could cause > this. What's your doveconf -n?You are probably right, I will continue to investigate on my side. My configuration is attached. -- https://github.com/progmaticltd/homebox -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: dovconf.txt URL: <https://dovecot.org/pipermail/dovecot/attachments/20181210/154d97be/attachment-0001.txt>