On 9 Dec 2018, at 16.44, André Rodier via dovecot <dovecot@dovecot.org> wrote: > > Hello, > > I think I submitted this before, but I am not sure this has been addressed > > I am using AppArmor with Dovecot, without any issue. > > However, I think there is a bug in the indexer working, from what I can see, > a missing trailing slash. See: > > ------------ > Dec 09 14:35:53 portal2 kernel: audit: type=1400 audit(1544366153.379:3035): > apparmor="DENIED" operation="file_mmap" info="Failed name lookup - > disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" > name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" > requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 > ------------ > > The indexer worker is trying to open the file "var/cache/nscd/hosts" instead > of "/var/cache/nscd/hosts", which of course fails. > > Can someone double check the code of the indexer worker, or this has been > fixed?
Dovecot is definitely not trying to open that file itself. It has to be libc or some other library. I also can't think of anything special in indexer-worker compared to other Dovecot binaries that could cause this. What's your doveconf -n?
