Public bug reported:

Syslog output:

Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fcntl(unlock) locking 
failed for file /home/foobar/Maildir/dovecot.index.log: No such file or 
directory
Apr 29 10:59:06 host12 dovecot: imap(foobar): Error: fstat() failed with file 
/home/foobar/Maildir/dovecot.index.log: No such file or directory
Apr 29 10:59:37  dovecot: last message repeated 122 times
Apr 29 11:00:38  dovecot: last message repeated 248 times
Apr 29 11:01:54  dovecot: last message repeated 203 times

audit.log, lots of entries similar to the following:

type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED"
operation="getattr" parent=10922 profile="/usr/sbin/dovecot//null-107
//null-10b//null-118"
name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937
comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

The apparmor policy is as shipped with 12.04. The strange thing here is
that audit.log says that the access was allowed and the apparmor policy
has "flags=(complain)", but the imap server still fails accessing some
files in the Maildir folders.

Workaround:

# ln -s /etc/apparmor.d/usr.sbin.dovecot /etc/apparmor.d/disable/

After disabling the usr.sbin.dovecot apparmor policy everything works
fine. There is no need to disable the "usr.lib.dovecot.imap" policy.

It looks like the imap process is incorrectly running under the dovecot
main daemon's apparmor profile. And for some odd reason the profile is
enforcing things even though it should be in "complain" mode. What are
these "//null-NNN/" strings in the logged apparmor profile name? I do
not know apparmor well enough to debug this further at this point.

Someone else has encountered this also, see thread at:

http://comments.gmane.org/gmane.mail.imap.dovecot/60533

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: dovecot-imapd 1:2.0.19-0ubuntu1
ProcVersionSignature: User Name 3.2.0-24.37-virtual 3.2.14
Uname: Linux 3.2.0-24-virtual x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Wed May  9 18:36:11 2012
ProcEnviron:
 SHELL=/bin/bash
 TERM=screen
 LANG=en_US.UTF-8
SourcePackage: dovecot
UpgradeStatus: Upgraded to precise on 2012-04-27 (12 days ago)

** Affects: dovecot (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in Ubuntu.
https://bugs.launchpad.net/bugs/997269

Title:
  dovecot imap broken by apparmor policy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/997269/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to