** Attachment added: "apparmor profile" https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1652131/+attachment/4795379/+files/usr.lib.dovecot.auth
** Description changed: + lsb_release -a + No LSB modules are available. + Distributor ID: Ubuntu + Description: Ubuntu 16.10 + Release: 16.10 + Codename: yakkety + Installing Postfix and Dovecot and setting them up as explained at https://help.ubuntu.com/lts/serverguide/postfix.html Then setting all apparmor profiles including Postfix and Dovecot to enforce mode. Postfix fails to send a TLS protected email because Dovecot can't connect to /var/spool/postfix/auth/private because when Dovecot's apparmor profile is set to enforce mode, apparmor denies Dovecot access to /var/spool/postfix/auth/private. Syslog apparmor="DENIED" operation="connect" profile="/usr/lib/dovecot/auth" name="/run/dovecot/anvil-auth-penalty" pid=8251 comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0 apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/run/dovecot/stats-user" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/log" name="run/systemd/journal/dev-log" pid=8093 comm="log" requested_mask="w" denied_mask="w" fsuid=0 ouid=0 apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130 apparmor="DENIED" operation="file_perm" profile="/usr/lib/dovecot/auth" name="/var/spool/postfix/private/auth" pid=8251 comm="auth" requested_mask="w" denied_mask="w" fsuid=129 ouid=130 Dec 22 10:38:20 frontier postfix/master[1516]: warning: process /usr/lib/postfix/sbin/smtpd pid 8248 exit status 1 ** Summary changed: - Putting Apparmor profile usr.lib.dovecot.auth into enforce mode blocks access to /var/spool/private/auth so Postfix and Dovecot can't send TLS protected emails + Putting Apparmor profile usr.lib.dovecot.auth into enforce mode blocks access to /var/spool/private/auth for Dovecot -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1652131 Title: Putting Apparmor profile usr.lib.dovecot.auth into enforce mode blocks access to /var/spool/private/auth for Dovecot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1652131/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
