[Bug 1296667] Re: dovecot/apparmor: profile not found
This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.3 --- apparmor (2.8.95~2430-0ubuntu5.3) trusty-proposed; urgency=medium * debian/apparmor-profiles.install: add missing dovecot profiles (LP: #1296667) -- Steve Beattie Fri, 12 Jun 2015 23:21:58 -0700 ** Changed in: apparmor (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
I ran dovecot-core 1:2.2.9-1ubuntu2.1 with apparmor-profiles 2.8.95~2430-0ubuntu5.3 and didn't get any errors in mail.log or complaints from apparmor. $ sudo aa-status apparmor module is loaded. 49 profiles are loaded. 16 profiles are in enforce mode. /sbin/dhclient /usr/bin/evince /usr/bin/evince-previewer /usr/bin/evince-previewer//sanitized_helper /usr/bin/evince-thumbnailer /usr/bin/evince-thumbnailer//sanitized_helper /usr/bin/evince//sanitized_helper /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/chromium-browser/chromium-browser//browser_java /usr/lib/chromium-browser/chromium-browser//browser_openjdk /usr/lib/chromium-browser/chromium-browser//sanitized_helper /usr/lib/connman/scripts/dhclient-script /usr/lib/lightdm/lightdm-guest-session /usr/lib/lightdm/lightdm-guest-session//chromium /usr/sbin/rsyslogd /usr/sbin/tcpdump 33 profiles are in complain mode. /sbin/klogd /sbin/syslog-ng /sbin/syslogd /usr/lib/chromium-browser/chromium-browser /usr/lib/chromium-browser/chromium-browser//chromium_browser_sandbox /usr/lib/chromium-browser/chromium-browser//lsb_release /usr/lib/chromium-browser/chromium-browser//xdgsettings /usr/lib/dovecot/anvil /usr/lib/dovecot/auth /usr/lib/dovecot/config /usr/lib/dovecot/deliver /usr/lib/dovecot/dict /usr/lib/dovecot/dovecot-auth /usr/lib/dovecot/dovecot-lda /usr/lib/dovecot/imap /usr/lib/dovecot/imap-login /usr/lib/dovecot/lmtp /usr/lib/dovecot/log /usr/lib/dovecot/managesieve /usr/lib/dovecot/managesieve-login /usr/lib/dovecot/pop3 /usr/lib/dovecot/pop3-login /usr/lib/dovecot/ssl-params /usr/sbin/avahi-daemon /usr/sbin/dnsmasq /usr/sbin/dovecot /usr/sbin/identd /usr/sbin/mdnsd /usr/sbin/nmbd /usr/sbin/nscd /usr/sbin/smbd /usr/{sbin/traceroute,bin/traceroute.db} /{usr/,}bin/ping 9 processes have profiles defined. 2 processes are in enforce mode. /sbin/dhclient (30347) /usr/sbin/rsyslogd (421) 7 processes are in complain mode. /usr/lib/dovecot/anvil (23852) /usr/lib/dovecot/config (23855) /usr/lib/dovecot/log (23853) /usr/sbin/avahi-daemon (594) /usr/sbin/avahi-daemon (595) /usr/sbin/dnsmasq (1583) /usr/sbin/dovecot (23851) 0 processes are unconfined but have a profile defined. ** Changed in: apparmor (Ubuntu Trusty) Status: In Progress => Fix Committed ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
The dovecot profiles were addressed in apparmor 2.9.2 or earlier, closing that portion of this bug. ** Changed in: apparmor Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
Please verify apparmor_2.8.95~2430-0ubuntu5.3 in trusty. Thanks ** Tags removed: verification-failed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
** Changed in: apparmor (Ubuntu Trusty) Status: New => In Progress ** Changed in: apparmor (Ubuntu Trusty) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
I agree with Steve that this SRU should proceed despite the verification for this bug failing. As Steve mentioned, there are no new regressions caused by this failed verification. The bug is simply not fixed yet. This SRU addresses a large number of other issues that are greatly impacting 14.04 users and it would be unfortunate if they had to wait longer for the fixes provided by this SRU. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
Unfortunately, while preparing the fix for this, I did not take into account that the debian/apparmor-profiles.install file needed to be updated to take the additional missing profiles into account. Marking verification-failed. However, failing to install the additional dovecot profiles does not cause any regressions, it just causes this bug to not be fixed by the version of apparmor in trusty-proposed. Given that apparmor 2.8.95~2430-0ubuntu5.2 in trusty-proposed succeeds in addressing several other issues (see bug 1449769 for a partial list), I'd like to see that version pushed to trusty-updates and then have an additional apparmor update go into trusty-proposed that correctly fixes this bug; I'm attaching the debdiff that would do that. ** Patch added: "apparmor_2.8.95~2430-0ubuntu5.3.debdiff" https://bugs.launchpad.net/apparmor/+bug/1296667/+attachment/4414174/+files/apparmor_2.8.95%7E2430-0ubuntu5.3.debdiff ** Tags added: verification-failed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
** Branch linked: lp:ubuntu/apparmor ** Branch linked: lp:ubuntu/trusty-proposed/apparmor -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
This bug was fixed in the package apparmor - 2.9.2-0ubuntu1 --- apparmor (2.9.2-0ubuntu1) wily; urgency=medium * Update to apparmor 2.9.2 - Fix minitools to work with multiple profiles at once (LP: #1378095) - Parse mounts that have non-ascii UTF-8 chars (LP: #1310598) - Update dovecot profiles (LP: #1296667) - Allow ubuntu-helpers to build texlive fonts (LP: #1010909) * dropped patches incorporated upstream: add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch parser-fix_modifier_compilation_+_tests.patch, tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch, GDM_X_authority-lp1432126.patch, and debian/patches/easyprof-framework-policy.patch * Partial merge with debian apparmor package: - debian/rules: enable the bindnow hardening flag during build. - debian/upstream/signing-key.asc: add new upstream public signing key - debian/watch: fix watch file, add gpg signature checking - install libapparmor.so dev symlink under /usr not /lib - debian/patches/reproducible-pdf.patch: make techdoc.pdf reproducible even in face of timezone variations. - debian/control: sync fields - debian/debhelper/postrm-apparmor: remove /etc/apparmor.d/{disable,} on package purge - debian/libapache2-mod-apparmor.postrm: on package purge, delete /etc/apparmor.d/{,disable} if empty - debian/libapparmor1.symbols: Use Build-Depends-Package in the symbols file. - debian/copyright: sync -- Steve Beattie Mon, 11 May 2015 22:03:04 -0700 ** Changed in: apparmor (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
The attachment "profiles-dovecot-updates-lp1296667.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu- reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
This will be fixed in wily with apparmor 2.9.2-0ubuntu1. Attached is patch to update the dovecot profiles for a trusty SRU. ** Patch added: "profiles-dovecot-updates-lp1296667.patch" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1296667/+attachment/4399538/+files/profiles-dovecot-updates-lp1296667.patch ** Description changed: + [impact] + + This bug prevents dovecot users from using the apparmor policies shipped + in the apparmor-profiles package without significant modifications. + + [steps to reproduce] + + 1) install and setup dovecot and confirm that it's functioning as +expected + 2) install the apparmor-profiles package + 3) restart dovecot to ensure apparmor policies are being applied + 4) if this bug has been addressed, dovecot should start successfully +without generating apparmor rejections + + [regression potential] + + The change in the patch for this bug updates the dovecot policy to + match the most recent apparmor release (2.9.2). These add missing + policies, restructure a few things to common abstractions, and grant + additional permissions. Any regressions related to this patch would + be strictly limited to the policy for dovecot. + + [original description] + I'm on Ubuntu 14.04 LTS. Since last week I get these messages: [11468.257576] type=1400 audit(1395659127.103:38560): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap-login" name="/run/dovecot/config" pid=30971 comm="imap-login" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 [11491.128691] type=1400 audit(1395659149.988:38616): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=30978 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 [11551.171186] type=1400 audit(1395659210.056:38853): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/dovecot" pid=31620 comm="dovecot" capability=36 capname="block_suspend" [11551.171338] type=1400 audit(1395659210.056:38854): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=31630 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 When I then start dovecot I get these in mail.log: Mar 24 08:42:52 polly dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) Mar 24 08:42:52 polly dovecot: master: Fatal: execv(/usr/lib/dovecot/log) failed: No such file or directory Mar 24 08:42:52 polly dovecot: master: Error: service(anvil): command startup failed, throttling for 2 secs Mar 24 08:42:52 polly dovecot: master: Error: service(log): child 1387 returned error 84 (exec() failed) Mar 24 08:42:52 polly dovecot: master: Error: service(log): command startup failed, throttling for 2 secs Mar 24 08:42:52 polly dovecot: master: Error: service(ssl-params): command startup failed, throttling for 2 secs Mar 24 08:55:42 polly dovecot: master: Error: service(config): command startup failed, throttling for 2 secs Mar 24 08:55:42 polly dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs I tried to purge and reinstall apparmor(-profiles) but that didn't fix this issue. I did a aa-disable dovecot and now the errors are gone. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
** Branch linked: lp:~apparmor-dev/apparmor/apparmor-ubuntu-citrain- trusty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
Some of those issues were already fixed in the upstream profiles. For the remaining issues, I just sent patches to the mailinglist for review. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1296667] Re: dovecot/apparmor: profile not found
** Tags added: aa-policy ** Also affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Project changed: apparmor-profiles => apparmor -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs