Your message dated Tue, 31 Mar 2020 11:48:39 +0000 with message-id <[email protected]> and subject line Bug#953268: fixed in apparmor 2.13.4-1 has caused the Debian Bug report #953268, regarding apparmor-profiles: fails to copy usr.lib.dovecot.stats leading to "profile transition not found" to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 953268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953268 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: apparmor-profiles Version: 2.13.2-10 Severity: normal Dear Maintainer, After enforcing the Dovecot profiles, messages like the following appear in syslog: Mar 2 21:29:32 zhouzhou systemd[1]: Started Dovecot IMAP/POP3 email server. Mar 2 21:29:33 zhouzhou dovecot: master: Dovecot v2.3.4.1 (f79e8e7e4) starting up for pop3 (core dumps disabled) Mar 2 21:29:36 zhouzhou kernel: [691833.564510] audit: type=1400 audit(1583184576.621:871): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="dovecot" name="/usr/lib/dovecot/stats" pid=5642 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/dovecot/stats" Mar 2 21:29:36 zhouzhou dovecot: master: Fatal: execv(/usr/lib/dovecot/stats) failed: Permission denied Mar 2 21:29:36 zhouzhou dovecot: master: Error: service(stats): command startup failed, throttling for 2 secs Mar 2 21:29:36 zhouzhou dovecot: stats: Fatal: master: service(stats): child 5642 returned error 84 (exec() failed) Mar 2 21:29:38 zhouzhou kernel: [691835.581584] audit: type=1400 audit(1583184578.641:872): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="dovecot" name="/usr/lib/dovecot/stats" pid=5644 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/lib/dovecot/stats" Mar 2 21:29:38 zhouzhou dovecot: master: Fatal: execv(/usr/lib/dovecot/stats) failed: Permission denied Mar 2 21:29:38 zhouzhou dovecot: master: Error: service(stats): command startup failed, throttling for 4 secs Mar 2 21:29:38 zhouzhou dovecot: stats: Fatal: master: service(stats): child 5644 returned error 84 (exec() failed) It seems this is caused by a missing profile file: /etc/apparmor.d/usr.lib.dovecot.stats which I should normally be able to copy from: /usr/share/apparmor/extra-profiles/usr.lib.dovecot.stats but that file is missing as well. The profile was introduced in upstream commit 36bdd6ea of 2018-04-13 and has been included in the source of the Debian package since version 2.13: https://salsa.debian.org/apparmor-team/apparmor/-/commit/36bdd6ea7011455f94106e6ea6d4aad626863815 However, during package installation, the profile file does not get installed together with the other Dovecot profiles, probably because it has not been added to the package installation scripts yet: https://salsa.debian.org/apparmor-team/apparmor/-/blob/debian/release-2.13.2-10/debian/apparmor-profiles.maintscript https://salsa.debian.org/apparmor-team/apparmor/-/blob/debian/release-2.13.2-10/debian/apparmor-profiles.install https://salsa.debian.org/apparmor-team/apparmor/-/blob/debian/release-2.13.2-10/debian/copyright This is also the case in current master on salsa.debian.org. Because the necessary fix is obvious and I lack the time and specific knowledge about this package for extensive testing of the change, I do not provide a patch with this bug report. Feel free to ask, though, if needed and I will see what I can do. As a workaround, current users can download the file from: https://salsa.debian.org/apparmor-team/apparmor/-/blob/debian/release-2.13.2-10/profiles/apparmor.d/usr.lib.dovecot.stats to: /usr/share/apparmor/extra-profiles/usr.lib.dovecot.stats and then copy it to: /etc/apparmor.d/usr.lib.dovecot.stats A restart or reload of apparmor and dovecot may be necessary. Thanks, best regards, Peter Nowee -- System Information: Debian Release: 10.3 Versions of packages apparmor-profiles depends on: ii apparmor 2.13.2-10
--- End Message ---
--- Begin Message ---Source: apparmor Source-Version: 2.13.4-1 Done: intrigeri <[email protected]> We believe that the bug you reported is fixed in the latest version of apparmor, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. intrigeri <[email protected]> (supplier of updated apparmor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Mar 2020 08:45:58 +0000 Source: apparmor Architecture: source Version: 2.13.4-1 Distribution: unstable Urgency: medium Maintainer: Debian AppArmor Team <[email protected]> Changed-By: intrigeri <[email protected]> Closes: 953268 Changes: apparmor (2.13.4-1) unstable; urgency=medium . * New upstream release * Switch to HTTPS for upstream homepage URL * apparmor-profiles: install missing usr.lib.dovecot.stats profile (Closes: #953268) * Drop backported patches that are now obsolete. * Cherry-picked from Ubuntu: - Update ibus abstract path for ibus 1.5.22 - debian/control: drop Breaks that were only needed for upgrades to bionic * Drop obsolete Lintian overrides * Add python3-all to Build-Depends * Override Lintian false positive * Declare compliance with Policy 4.5.0 * Apply upstream !464: let Mesa check if the kernel supports the i915 perf interface Checksums-Sha1: 79cb15a0b3047d69a9e84cf6ed60cb4d96572429 3019 apparmor_2.13.4-1.dsc f716775cc12c429bf2b0ed8d6342be5318ae426e 7390179 apparmor_2.13.4.orig.tar.gz ab392b9987ce50ea4538887f6502982067f689e9 870 apparmor_2.13.4.orig.tar.gz.asc 90c60ec86ac94d43fcb35609d7e316807b10d376 99088 apparmor_2.13.4-1.debian.tar.xz Checksums-Sha256: 332b5d40bb32b462ebd713e26dce83465ae553805fc2b80d86abf469addb6eb5 3019 apparmor_2.13.4-1.dsc 90bf86c07ffbe2c22be46d75c7345fad12d5911653c59750a37d59c63ad5d10e 7390179 apparmor_2.13.4.orig.tar.gz 9bf25d12b9321eccac162e4314a3965892ce2ce7f35400519a1cc00d60186615 870 apparmor_2.13.4.orig.tar.gz.asc 2f5373b72479584aaefbea4a11c8bb35cfecbb869de4b4daa8da090de97126aa 99088 apparmor_2.13.4-1.debian.tar.xz Files: 3904ba7e82916d5c23b96e2815bcf2b4 3019 admin optional apparmor_2.13.4-1.dsc a50b793a3362551f07733be3df9c328f 7390179 admin optional apparmor_2.13.4.orig.tar.gz 6cede19e17b69b402cace8d124229625 870 admin optional apparmor_2.13.4.orig.tar.gz.asc c179462d3591e687e60e46aaa04501f4 99088 admin optional apparmor_2.13.4-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iIsEARYKADMWIQSGvLSmLC5eAlTqE6j4rL85wumaPgUCXoMnbhUcaW50cmlnZXJp QGRlYmlhbi5vcmcACgkQ+Ky/OcLpmj4d/AD/RU0pKzDs2S7Eog8OsSclNYesN7IU Yr8wCHAGPN4ahqIA/i7kwaPNibMzsvJdnIWN1SmgTCcWuWVLyfX/BdVucmwD =TQj3 -----END PGP SIGNATURE-----
--- End Message ---
