Package: postsrsd
Version: 2.0.11-1+b1
Severity: important

Dear maintainer,

The AppArmor configuration is incomplete. It's missing read on /etc/postsrsd.conf and socket creation.

I've switch to complain for now, and I got at least these reports:
sept. 21 17:44:23 belette64 kernel: audit: type=1400 audit(1758469463.824:322): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/sbin/postsrsd" name="/var/spool/postfix/srs.lock" pid=73759 comm="postsrsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 sept. 21 17:44:23 belette64 kernel: audit: type=1400 audit(1758469463.824:323): apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/postsrsd" name="/var/spool/postfix/srs.lock" pid=73759 comm="postsrsd" requested_mask="rc" denied_mask="rc" fsuid=0 ouid=0 sept. 21 17:44:23 belette64 kernel: audit: type=1400 audit(1758469463.824:324): apparmor="ALLOWED" operation="file_lock" class="file" profile="/usr/sbin/postsrsd" name="/var/spool/postfix/srs.lock" pid=73759 comm="postsrsd" requested_mask="wk" denied_mask="wk" fsuid=0 ouid=0 sept. 21 17:44:23 belette64 kernel: audit: type=1400 audit(1758469463.824:325): apparmor="ALLOWED" operation="mknod" class="file" profile="/usr/sbin/postsrsd" name="/var/spool/postfix/srs" pid=73759 comm="postsrsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 sept. 21 17:44:23 belette64 kernel: audit: type=1400 audit(1758469463.824:326): apparmor="ALLOWED" operation="chmod" class="file" profile="/usr/sbin/postsrsd" name="/var/spool/postfix/srs" pid=73759 comm="postsrsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0


-- System Information:
Debian Release: forky/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.16.7+deb14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages postsrsd depends on:
ii  adduser                3.153
ii  debconf [debconf-2.0]  1.5.91
ii  init-system-helpers    1.69
ii  libc6                  2.41-12
ii  libconfuse2            3.3-4

postsrsd recommends no packages.

postsrsd suggests no packages.

-- Configuration Files:
/etc/apparmor.d/usr.sbin.postsrsd changed:
/usr/sbin/postsrsd flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  capability setuid,
  capability setgid,
  capability sys_chroot,
  /etc/postsrsd.conf r,
  /etc/postsrsd.secret r,
  /usr/sbin/postsrsd mr,
}


-- debconf information:
  postsrsd/domain: antipoul.fr
Thank you for using reportbug

Reply via email to