On 2018-12-09 23:13, Timo Sirainen wrote:
On 9 Dec 2018, at 16.44, André Rodier via dovecot <dovecot@dovecot.org>
wrote:
Hello,
I think I submitted this before, but I am not sure it has been
addressed.
I am using AppArmor with Dovecot, without any issue.
However, I think there is a bug in the indexer worker: from what I
can see, a missing leading slash. See:
------------
Dec 09 14:35:53 portal2 kernel: audit: type=1400
audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap"
info="Failed name lookup - disconnected path" error=-13
profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts"
pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r"
fsuid=1001 ouid=0
------------
The indexer worker is trying to open the file "var/cache/nscd/hosts"
instead of "/var/cache/nscd/hosts", which of course fails.
Can someone double-check the code of the indexer worker, or has this
already been fixed?
Dovecot is definitely not trying to open that file itself. It has to
be libc or some other library. I also can't think of anything special
in indexer-worker compared to other Dovecot binaries that could cause
this. What's your doveconf -n?
You are probably right, I will continue to investigate on my side.
My configuration is attached.
--
https://github.com/progmaticltd/homebox
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6
# Global settings. Authentication and mail debug logging are all switched on.
# NOTE(review): auth_verbose_passwords logs the password a client attempted
# when it does not match (presumably "yes" means plaintext here - confirm
# against the documentation for this version). Keep the logs access-restricted
# and switch the debug settings off once troubleshooting is finished.
auth_debug = yes
auth_verbose = yes
auth_verbose_passwords = yes
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
# Plugins loaded for every mail process; the protocol sections further down
# set their own mail_plugins lists.
mail_plugins = " quota fts fts_solr"
mailbox_list_index = yes
# The capability value below is a single setting wrapped over several lines.
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext imapsieve
# Private INBOX namespace. Mail is stored as Maildir under the user's home,
# with index files kept in a separate directory (INDEX=...).
# Any AppArmor profile for the mail processes has to allow both paths.
namespace inbox {
inbox = yes
location = maildir:~/mails/maildir:INDEX=~/mails/indexes/
# Special-use folders, each marked for automatic subscription.
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
# Password lookups go to LDAP, configured in the external file named in args.
# NOTE(review): a file of this kind usually holds the LDAP bind credentials;
# confirm it is readable by root only.
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# Plugin settings: full-text search through Solr, IMAPSieve rules, quota and
# Sieve.
plugin {
fts = solr
fts_decoder = decode2text
fts_index_timeout = 60
# NOTE(review): the Solr URL uses the host name "localhost" over plain HTTP.
# Resolving that name goes through libc (and nscd, if it is running), which is
# plausibly why indexer-worker touches var/cache/nscd/hosts in the audit line
# quoted in the message - confirm. "disconnected path" in that line is
# AppArmor's own wording for a path it could not attach to the namespace root,
# and the missing leading slash comes with that report, not from Dovecot.
# Whether the profile should allow such paths (the attach_disconnected flag)
# is a confinement decision to review, not a Dovecot code fix.
fts_solr = url=http://localhost:8080/solr/
# IMAPSieve rules: each numbered group names a script under
# /etc/dovecot/sieve and the IMAP action (COPY/APPEND) and mailboxes that
# trigger it.
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_from = *
imapsieve_mailbox1_name = Junk
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
imapsieve_mailbox3_after = file:/etc/dovecot/sieve/duplicate-checks.sieve
imapsieve_mailbox3_causes = APPEND
imapsieve_mailbox3_from = *
imapsieve_mailbox3_name = INBOX
imapsieve_mailbox4_after = file:/etc/dovecot/sieve/sent-checks.sieve
imapsieve_mailbox4_causes = APPEND
imapsieve_mailbox4_from = Sent
imapsieve_mailbox4_name = *
imapsieve_mailbox5_after = file:/etc/dovecot/sieve/tags-important.sieve
imapsieve_mailbox5_causes = APPEND, COPY
imapsieve_mailbox5_from = *
imapsieve_mailbox5_name = Important
quota = maildir:user-quota
quota_rule = *:storage=500M
recipient_delimiter = ~
# Per-user scripts live under the user's home; the global ones under
# /etc/dovecot/sieve.
sieve = file:~/mails/sieve;active=~/mails/sieve/active.sieve
sieve_before = file:/etc/dovecot/sieve/before-global.sieve
sieve_default_name = default
sieve_global = /etc/dovecot/sieve
# vnd.dovecot.pipe is listed under sieve_global_extensions, i.e. offered to
# global scripts only, and the programs it may run come from sieve_pipe_bin_dir.
# NOTE(review): that directory is the same one that holds the global scripts;
# confirm only root can write there, since anything executable in it can be
# run from a global script on message content.
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
# Sieve tracing is enabled and written under each user's home; this is debug
# output and can be switched off after troubleshooting.
sieve_trace_addresses = yes
sieve_trace_debug = yes
sieve_trace_dir = ~/mails/sieve/logs/
sieve_trace_level = commands
sieve_user_log = ~/mails/sieve/logs/main.log
}
# Enabled protocols: IMAP, LMTP, ManageSieve and POP3. Each has listener and
# protocol sections below.
protocols = " imap lmtp sieve pop3"
# "~" separates the detail part of an address (user~detail).
recipient_delimiter = ~
# Auth socket placed inside the Postfix spool so Postfix can use Dovecot for
# authentication.
# NOTE(review): mode 0666 lets any local user that can reach the socket talk to
# the auth service. Access then depends entirely on the permissions of the
# enclosing "private" directory; an owner/group restricted to postfix with a
# tighter mode is the usual arrangement - verify.
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
# Attachment-to-text decoder used by the fts plugin (fts_decoder in the plugin
# section). It runs the script as $default_internal_user.
# NOTE(review): the script parses untrusted attachment content, and its socket
# is world-accessible (0666); confirm the script and its helpers are confined
# and that the socket's directory limits who can reach it.
service decode2text {
executable = script /usr/local/bin/decode2text
unix_listener decode2text {
mode = 0666
}
user = $default_internal_user
}
# IMAP listeners: 143 without implicit TLS, 993 with TLS.
# NOTE(review): this dump does not show the global ssl or
# disable_plaintext_auth settings, so whether cleartext logins on 143 are
# refused cannot be told from here - confirm.
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
# Post-login IMAP process; only the executable name is set here.
service imap {
executable = imap
}
# LMTP delivery socket inside the Postfix spool, owned by postfix with mode
# 0600, so only that user can connect.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
# ManageSieve listener on TCP port 4190.
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
# Caps the number of ManageSieve processes at 1024.
service managesieve {
process_limit = 1024
}
# POP3 listeners: 110 without implicit TLS, 995 with TLS.
# NOTE(review): as with IMAP, the dump does not show whether cleartext logins
# on 110 are refused - confirm.
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
# Runs quota-status in Postfix policy mode (-p postfix) on TCP port 30000.
# NOTE(review): the inet_listener has no address, so it presumably binds to the
# global listen addresses rather than loopback only. Confirm the port is not
# reachable from outside the host, as the service answers quota queries
# without authentication.
service quota-warning {
executable = quota-status -p postfix
inet_listener {
port = 30000
}
}
# User lookups go to LDAP through the same external file as passdb.
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# LMTP-specific settings.
protocol lmtp {
# "quota" appears twice in this list.
mail_plugins = " quota fts fts_solr quota sieve"
# The address looks truncated by the list archive's obfuscation, not by
# Dovecot.
postmaster_address = postmas...@hmbx.pw
# "<" makes Dovecot read the certificate from the named file. doveconf masks
# the key, as the text after "#" on the ssl_key line says.
ssl_cert = </etc/letsencrypt/live/imap.hmbx.pw/fullchain.pem
ssl_key = # hidden, use -P to show it
}
# IMAP-specific settings: up to 64 connections per user and IP, plus the
# IMAPSieve and IMAP quota plugins on top of the global plugin set.
protocol imap {
mail_max_userip_connections = 64
mail_plugins = " quota fts fts_solr imap_sieve imap_quota"
ssl_cert = </etc/letsencrypt/live/imap.hmbx.pw/fullchain.pem
ssl_key = # hidden, use -P to show it
}
# ManageSieve uses the same certificate as IMAP; the key is masked by doveconf.
protocol sieve {
ssl_cert = </etc/letsencrypt/live/imap.hmbx.pw/fullchain.pem
ssl_key = # hidden, use -P to show it
}
# POP3 uses its own certificate (pop3.hmbx.pw); the key is masked by doveconf.
protocol pop3 {
ssl_cert = </etc/letsencrypt/live/pop3.hmbx.pw/fullchain.pem
ssl_key = # hidden, use -P to show it
}
# Local delivery agent: quota, full-text search and Sieve plugins.
protocol lda {
mail_plugins = " quota fts fts_solr sieve"
}