Bug#933761: AppArmor configuration doesn't cover LDAP

Martin Wolf Fri, 02 Aug 2019 16:51:55 -0700

Package: kopano-server
Version: 8.7.0-3

The default AppArmor configuration file /etc/apparmor.d/usr.sbin.kopano-server 
doesn't cover the default LDAP configuration files, which are left by default 
in /usr/share/kopano/ldap.*.cfg and just included from /etc/kopano/ldap.cfg 
(which is the Kopano recommendation).


Adding "/usr/share/kopano/ldap.*.cfg r," to 
/etc/apparmor.d/usr.sbin.kopano-server seems to help.

Error without the modified AppArmor policy:
 
Aug  3 01:22:19 kernel: [1053287.305384] audit: type=1400 
audit(1564788139.240:75): apparmor="DENIED" operation="open" 
profile="/usr/sbin/kopano-server" 
name="/usr/share/kopano/ldap.active-directory.cfg" pid=25904 comm=7A2D733A20 
requested_mask= "r" denied_mask="r" fsuid=110 ouid=0

Linux 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u1 (2019-07-19) x86_64 
GNU/Linux

Bug#933761: AppArmor configuration doesn't cover LDAP

Reply via email to