Bugzilla – Bug 1199535
[Build 20220512] dovecot/pop3 vs apparmor
Last modified: 2022-05-15 20:40:04 UTC
## Observation type=USER_AUTH msg=audit(1652509166.040:1497): pid=11876 uid=0 auid=4294967295 ses=4294967295 subj==dovecot-auth (enforce) msg='op=PAM:authentication grantors=pam_gnome_keyring,pam_unix acct="recipient" exe="/usr/lib/dovecot/auth" hostname=::1 addr=::1 terminal=dovecot res=success' type=USER_ACCT msg=audit(1652509166.044:1498): pid=11876 uid=0 auid=4294967295 ses=4294967295 subj==dovecot-auth (enforce) msg='op=PAM:accounting grantors=pam_unix acct="recipient" exe="/usr/lib/dovecot/auth" hostname=::1 addr=::1 terminal=dovecot res=success' type=AVC msg=audit(1652509166.056:1499): apparmor="DENIED" operation="open" profile="dovecot-pop3" name="/proc/11877/stat" pid=11877 comm="pop3" requested_mask="r" denied_mask="r" fsuid=1002 ouid=0 type=SYSCALL msg=audit(1652509166.056:1499): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f56e28a8ea3 a2=0 a3=0 items=0 ppid=11862 pid=11877 auid=4294967295 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=4294967295 comm="pop3" exe="/usr/lib/dovecot/pop3" subj==dovecot-pop3 (enforce) key=(null) type=PROCTITLE msg=audit(1652509166.056:1499): proctitle="dovecot/pop3" openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-apparmor_profile@64bit fails in [usr_lib_dovecot_pop3](https://openqa.opensuse.org/tests/2346536/modules/usr_lib_dovecot_pop3/steps/45) ## Test suite description Maintainer: llzhao@suse.de. Test AppArmor profiles with an existing disk image. ## Reproducible Fails since (at least) Build [20220512](https://openqa.opensuse.org/tests/2345963) ## Expected result Last good: [20220510](https://openqa.opensuse.org/tests/2345146) (or more recent) ## Further details Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?arch=x86_64&distri=opensuse&flavor=DVD&machine=64bit&test=apparmor_profile&version=Tumbleweed)
[fixing the title - dovecot is not that bad ;-) ] dovecot-imap needs the same permissions, see the other audit.log in openQA. My own dovecot usage shows that dovecot-lmtp also needs some additional permissions. See SR 977392 for details ;-)
This is an autogenerated message for OBS integration: This bug (1199535) was mentioned in https://build.opensuse.org/request/show/977392 Factory / apparmor