Hi Vincas! Vincas Dargis (2020-08-27): > This is produced if usr.sbin.dovecot is copied to /etc/apparmor.d: > > ``` > type=AVC msg=audit(1598556536.092:901): apparmor="DENIED" operation="open" > profile="dovecot" name="/usr/share/dovecot/dh.pem" pid=12625 comm="doveconf" > requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > ``` > > This results in dovecot failing to start: > > ``` > Aug 27 22:31:47 systemd[1]: Started Dovecot IMAP/POP3 email server. > Aug 27 22:31:47 dovecot[13693]: doveconf: Fatal: Error in configuration file > /etc/dovecot/conf.d/10-ssl.conf line 50: ssl_dh: Can't open file > /usr/share/dove > Aug 27 22:31:47 systemd[1]: dovecot.service: Main process exited, > code=exited, status=89/n/a > Aug 27 22:31:47 systemd[1]: dovecot.service: Failed with result 'exit-code'. > ``` > > It is fixed by adding single rule: > > ``` > /usr/share/dovecot/dh.pem r, > ```
Do you think it's too Debian-specific to fix upstream? Cheers!