Package: apparmor-profiles Version: 2.7.103-4 Severity: normal Dear Maintainer,
After deploying apparmor-profiles I receive the following log messages about profile violations from the dovecot imap daemon. Dec 15 11:08:16 myhost kernel: [50667.645060] type=1400 audit(1387102096.373:84925): apparmor="ALLOWED" operation="getattr" parent=4478 profile="/usr/sbin/dovecot//null-1b//null-1f//null-296" name="/home/myuser/Maildir/" pid=7772 comm="imap" requested_mask="r" denied_mask="r" fsuid=1003 ouid=1003 Access to the users' maildirs is covered in the packages dovecot policy. However it is specified in /etc/apparmor.d/usr.lib.dovecot.imap for the /usr/lib/dovecot/imap binary whereas the violation is triggered by /usr/sbin/dovecot. Maybe dovecot's process model changed between version 1 and 2 (which is now in stable) in a way that accessing the Maildirs now happens in a different binary? Best regards David -- System Information: Debian Release: 7.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/3 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apparmor-profiles depends on: ii apparmor 2.7.103-4 apparmor-profiles recommends no packages. apparmor-profiles suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
