Hello, good morning.
I am using SOGo on Debian Stretch. I am globally very happy. Calendars
and contacts are perfectly synchronised with my phone, the web interface
is slick and simple, etc...
I am also using AppArmor, and I am puzzled by a behaviour of some SOGo
binaries on my system. Basically, these two tools are opening the root
folder ("/") thousand times a day, just for reading and getting the
attributes:
operation="getattr" profile="/usr/sbin/sogo-ealarms-notify" name="/"
comm="sogo-ealarms-no" requested_mask="r" fsuid=126 ouid=0
operation="getattr" profile="/usr/sbin/sogo-tool" name="/"
comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
operation="open" profile="/usr/sbin/sogo-tool" name="/"
comm="sogo-tool" requested_mask="r" fsuid=126 ouid=0
To avoid any errors and to count them, I allowed but audited the
requests.
I literally have thousand queries per day, just this morning:
root@portal ~#
journalctl | grep AUDIT | grep sogo| grep 'Mar 16' | wc -l
4393
I really wonder why those binaries are opening the root ("/") folder,
even for reading and getting the attributes.
- What is the point of doing this?
- Is this a bug?
- Is this fixed in the version 4?
Thanks a lot for your support. Your work is very valuable and will make
people life easier.
Kind regards,
André
--
https://github.com/progmaticltd/homebox
--
users@sogo.nu
https://inverse.ca/sogo/lists
