Re: [SOGo] Behaviour of sogo-tool and sogo-alarms-notify in version 3 on Debian Stretch
On 2019-03-18 20:58, André Rodier wrote:
On Sat, 2019-03-16 at 06:34 +, André Rodier wrote:
Hello, good morning.
I am using SOGo on Debian Stretch. I am globally very happy. Calendars
and contacts are perfectly synchronised with my phone, the web
interface
is slick and simple, etc...
I am also using AppArmor, and I am puzzled by a behaviour of some SOGo
binaries on my system. Basically, these two tools are opening the root
folder ("/") thousand times a day, just for reading and getting the
attributes:
> operation="getattr" profile="/usr/sbin/sogo-ealarms-notify" name="/"
> comm="sogo-ealarms-no" requested_mask="r" fsuid=126 ouid=0
> operation="getattr" profile="/usr/sbin/sogo-tool" name="/"
> comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
> operation="open" profile="/usr/sbin/sogo-tool" name="/"
> comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
To avoid any errors and to count them, I allowed but audited the
requests.
I literally have thousand queries per day, just this morning:
> root@portal ~#
> journalctl | grep AUDIT | grep sogo| grep 'Mar 16' | wc -l
> 4393
I really wonder why those binaries are opening the root ("/") folder,
even for reading and getting the attributes.
- What is the point of doing this?
- Is this a bug?
- Is this fixed in the version 4?
Thanks a lot for your support. Your work is very valuable and will
make
people life easier.
Hello again,
I don't mind looking for the origin of the bug myself, but can you
point me in the direction, please?
Where can I see the source code of the tools sogo-ealarms-notify and
sogo-tool on github?
Thanks,
André
I have added a new bug on the tracking system (#4704).
https://sogo.nu/bugs/view.php?id=4704
I am happy to help, but I really would like someone pointing me in the
direction.
Kind regards,
André
--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] Behaviour of sogo-tool and sogo-alarms-notify in version 3 on Debian Stretch
Hello again,
I don't mind looking for the origin of the bug myself, but can you
point me in the direction, please?
Where can I see the source code of the tools sogo-ealarms-notify and
sogo-tool on github?
Thanks,
André
On Sat, 2019-03-16 at 06:34 +, André Rodier wrote:
> Hello, good morning.
>
> I am using SOGo on Debian Stretch. I am globally very happy. Calendars
> and contacts are perfectly synchronised with my phone, the web interface
> is slick and simple, etc...
>
> I am also using AppArmor, and I am puzzled by a behaviour of some SOGo
> binaries on my system. Basically, these two tools are opening the root
> folder ("/") thousand times a day, just for reading and getting the
> attributes:
>
> > operation="getattr" profile="/usr/sbin/sogo-ealarms-notify" name="/"
> > comm="sogo-ealarms-no" requested_mask="r" fsuid=126 ouid=0
> > operation="getattr" profile="/usr/sbin/sogo-tool" name="/"
> > comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
> > operation="open" profile="/usr/sbin/sogo-tool" name="/"
> > comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
>
> To avoid any errors and to count them, I allowed but audited the
> requests.
>
> I literally have thousand queries per day, just this morning:
>
> > root@portal ~#
> > journalctl | grep AUDIT | grep sogo| grep 'Mar 16' | wc -l
> > 4393
>
> I really wonder why those binaries are opening the root ("/") folder,
> even for reading and getting the attributes.
>
> - What is the point of doing this?
> - Is this a bug?
> - Is this fixed in the version 4?
>
> Thanks a lot for your support. Your work is very valuable and will make
> people life easier.
>
> Kind regards,
> André
--
André Rodier
HomeBox: https://github.com/progmaticltd/homebox
--
users@sogo.nu
https://inverse.ca/sogo/lists
[SOGo] Behaviour of sogo-tool and sogo-alarms-notify in version 3 on Debian Stretch
Hello, good morning.
I am using SOGo on Debian Stretch. I am globally very happy. Calendars
and contacts are perfectly synchronised with my phone, the web interface
is slick and simple, etc...
I am also using AppArmor, and I am puzzled by a behaviour of some SOGo
binaries on my system. Basically, these two tools are opening the root
folder ("/") thousand times a day, just for reading and getting the
attributes:
operation="getattr" profile="/usr/sbin/sogo-ealarms-notify" name="/"
comm="sogo-ealarms-no" requested_mask="r" fsuid=126 ouid=0
operation="getattr" profile="/usr/sbin/sogo-tool" name="/"
comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
operation="open" profile="/usr/sbin/sogo-tool" name="/"
comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
To avoid any errors and to count them, I allowed but audited the
requests.
I literally have thousand queries per day, just this morning:
root@portal ~#
journalctl | grep AUDIT | grep sogo| grep 'Mar 16' | wc -l
4393
I really wonder why those binaries are opening the root ("/") folder,
even for reading and getting the attributes.
- What is the point of doing this?
- Is this a bug?
- Is this fixed in the version 4?
Thanks a lot for your support. Your work is very valuable and will make
people life easier.
Kind regards,
André
--
https://github.com/progmaticltd/homebox
--
users@sogo.nu
https://inverse.ca/sogo/lists
