This will be fixed in wily with apparmor 2.9.2-0ubuntu1. Attached is patch to update the dovecot profiles for a trusty SRU.
** Patch added: "profiles-dovecot-updates-lp1296667.patch" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1296667/+attachment/4399538/+files/profiles-dovecot-updates-lp1296667.patch ** Description changed: + [impact] + + This bug prevents dovecot users from using the apparmor policies shipped + in the apparmor-profiles package without significant modifications. + + [steps to reproduce] + + 1) install and setup dovecot and confirm that it's functioning as + expected + 2) install the apparmor-profiles package + 3) restart dovecot to ensure apparmor policies are being applied + 4) if this bug has been addressed, dovecot should start successfully + without generating apparmor rejections + + [regression potential] + + The change in the patch for this bug updates the dovecot policy to + match the most recent apparmor release (2.9.2). These add missing + policies, restructure a few things to common abstractions, and grant + additional permissions. Any regressions related to this patch would + be strictly limited to the policy for dovecot. + + [original description] + I'm on Ubuntu 14.04 LTS. Since last week I get these messages: [11468.257576] type=1400 audit(1395659127.103:38560): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/imap-login" name="/run/dovecot/config" pid=30971 comm="imap-login" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0 [11491.128691] type=1400 audit(1395659149.988:38616): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=30978 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 [11551.171186] type=1400 audit(1395659210.056:38853): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/dovecot" pid=31620 comm="dovecot" capability=36 capname="block_suspend" [11551.171338] type=1400 audit(1395659210.056:38854): apparmor="ALLOWED" operation="exec" info="profile not found" error=-2 profile="/usr/sbin/dovecot" name="/usr/lib/dovecot/auth" pid=31630 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 When I then start dovecot I get these in mail.log: Mar 24 08:42:52 polly dovecot: master: Dovecot v2.2.9 starting up (core dumps disabled) Mar 24 08:42:52 polly dovecot: master: Fatal: execv(/usr/lib/dovecot/log) failed: No such file or directory Mar 24 08:42:52 polly dovecot: master: Error: service(anvil): command startup failed, throttling for 2 secs Mar 24 08:42:52 polly dovecot: master: Error: service(log): child 1387 returned error 84 (exec() failed) Mar 24 08:42:52 polly dovecot: master: Error: service(log): command startup failed, throttling for 2 secs Mar 24 08:42:52 polly dovecot: master: Error: service(ssl-params): command startup failed, throttling for 2 secs Mar 24 08:55:42 polly dovecot: master: Error: service(config): command startup failed, throttling for 2 secs Mar 24 08:55:42 polly dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs I tried to purge and reinstall apparmor(-profiles) but that didn't fix this issue. I did a aa-disable dovecot and now the errors are gone. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1296667 Title: dovecot/apparmor: profile not found To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1296667/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
