Bug#918655: msmtp: Apparmor causing Permission denied when creating tmp files and logging

Mon, 07 Jan 2019 16:00:21 -0800 

Package: msmtp
Version: 1.8.1-1
Severity: important

Hello,

after yesterdays update I'm unable to use msmtp because of new apparmor
profile.

Error:

msmtp: cannot create temporary file: Permission denied

It looks like apparmor profile is expecting msmtp to create temporary files
with name
staring with "msmtp" which is not true (at least I can't see it in msmtp source
code).

Changing line to:

  owner /tmp/*   rw,

fixes problem for me.

Second issue is that I have log files in ~/.msmtp*.log which is maybe specific
to my
setup but it is widely used at least from various wikis and docs I saw.

I suggest to add line to fix this issue as well.

  owner @{HOME}/.msmtp*.log   rwk,

Btw. I think this is major change and should be announced through news
mechanism,
especially because many users have their own paths. I could save at least an
hour
when trying to find source of problem.

Cheers

Kepi



-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages msmtp depends on:
ii  debconf [debconf-2.0]  1.5.69
ii  libc6                  2.28-4
ii  libgnutls30            3.6.5-2
ii  libgsasl7              1.8.0-8+b2
ii  ucf                    3.0038+nmu1

Versions of packages msmtp recommends:
ii  ca-certificates  20180409

Versions of packages msmtp suggests:
pn  msmtp-mta  <none>

-- Configuration Files:
/etc/apparmor.d/usr.bin.msmtp changed:
/usr/bin/msmtp {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/p11-kit>
  #include <abstractions/ssl_certs>
  #include <abstractions/ssl_keys>
  /usr/bin/msmtp          r,
  /etc/aliases            r,
  /etc/msmtprc            r,
  /etc/netrc              r,
  owner @{HOME}/.msmtp*   r,
  owner @{HOME}/.msmtp*.log   rwk,
  owner @{HOME}/.netrc    r,
  owner @{HOME}/.tls-crls r,
  /tmp/                   rw,
  owner /tmp/*            rw,
  # to type password interactively
  owner /dev/pts/[0-9]*   rw,
  # secret helpers
  /usr/bin/secret-tool    PUx,
  /usr/bin/gpg{,2}        PUx,
  #include <local/usr.bin.msmtp>
}


-- debconf information excluded

Reply via email to