Your message dated Sat, 11 Sep 2021 22:14:14 +0200
with message-id <[email protected]>
and subject line Re: Bug#987474: msmtp: Debian Buster MSMTP removal keep
corresponding Apparmor profile loaded
has caused the Debian Bug report #987474,
regarding msmtp: Debian Buster MSMTP removal keep corresponding Apparmor
profile loaded
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987474
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: msmtp
Version: 1.8.3-1
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 10.9
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-13-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Uninstalling MSMTP package keeps msmtp AppArmor profiles loaded, that results
in AppAmor permission denied problems with the sw-msmtp package shipped by
Plesk control panel (plesk.com) that replaces Debian 'msmtp'
==
kernel: [2993637.734566] audit: type=1400 audit(1619254176.743:36243):
apparmor="DENIED" operation="open" profile="/usr/bin/msmtp//helpers"
name="/dev/tty" pid=4820 comm="sh" requested_mask="wr" denied_mask="wr" fsuid=0
ouid=0
kernel: [2993637.735238] audit: type=1400 audit(1619254176.747:36244):
apparmor="DENIED" operation="exec" profile="/usr/bin/msmtp//helpers"
name="/usr/lib/plesk-9.0/msmtp-pwdeval" pid=4820 comm="sh" requested_mask="x"
denied_mask="x" fsuid=0 ouid=0
==
Steps to reproduce:
1) Install MSMTP on AppArmor enabled server
# apt install msmtp
2) Ensure that AppArmor MSMTP profiles are loaded
# aa-status| grep msmtp
/usr/bin/msmtp
/usr/bin/msmtp//helpers
3) Remove MSMTP
# apt purge msmtp
4) Query for AppArmor MSMTP profiles and they still loaded
# aa-status| grep msmtp
/usr/bin/msmtp
/usr/bin/msmtp//helpers
5) Check AppArmor cache
# ls /var/cache/apparmor/*/usr.bin.msmtp
Workaround is using 'aa-remove-unknown'
# aa-remove-unknown
Removing '/usr/bin/msmtp//helpers'
Removing '/usr/bin/msmtp'
Expected result:
MSMTP package removal removes and unload own AppArmor profiles
--- End Message ---
--- Begin Message ---
Hello,
On Sat, Apr 24, 2021 at 12:48:59PM +0000, Ian wrote:
[...]
> Uninstalling MSMTP package keeps msmtp AppArmor profiles loaded, that
> results in AppAmor permission denied problems with the sw-msmtp
> package shipped by Plesk control panel (plesk.com) that replaces
> Debian 'msmtp'
This is expected as the AppArmor profile is a conffile and will be
removed on package purge (not package removal).
Hence, I'm closing this bug. Feel free to reopen it if it deserves it.
Regards,
--
Emmanuel Bouthenot
mail: kolter@{openics,debian}.org gpg: 4096R/0x929D42C3
xmpp: [email protected] irc: kolter@{libera,oftc}
--- End Message ---
