Hey intrigeri,

I have now pushed a first version of Akonadi with the new AppArmor profile, but as
you can see below it fails, and I'm not sure what went wrong. What do we need to
do to debug this?

Those AppArmor profiles are in place:
https://salsa.debian.org/qt-kde-team/kde/akonadi/blob/master/debian/apparmor/usr.bin.akonadiserver
https://salsa.debian.org/qt-kde-team/kde/akonadi/blob/master/debian/apparmor/postgresql_akonadi

hefee

--
On Wednesday, 25 September 2019 09:58:24 CEST Martin Steigerwald wrote:
> > I upgraded and then rebooted the system.
> > 
> > After upgrading to Akonadi 4:18.08.3-8, Akonadi does not start
> > anymore:
> > 
> > % akonadictl start
> > Connecting to deprecated signal QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString)
> > org.kde.pim.akonadicontrol: Application 'akonadiserver' exited normally...
> > 
> > I believe the failure may be due to this:
> > 
> > Sep 25 09:21:06 merkaba kernel: [  266.556167][   T37] audit:
> > type=1400 audit(1569396066.434:45): apparmor="DENIED"
> > operation="exec" profile="postgresql_akonadi" name="/bin/dash"
> > pid=3833 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000
> > ouid=0
> 
> […]
> 
> > Also setting to complain mode does not help:
> > 
> > % aa-complain postgresql_akonadi
> > Setting /etc/apparmor.d/postgresql_akonadi to complain mode.
> > 
> > Although access does get allowed then:
> > 
> > Sep 25 09:30:14 merkaba kernel: [  814.345508][   T37] audit:
> > type=1400 audit(1569396614.227:51): apparmor="ALLOWED"
> > operation="exec" profile="postgresql_akonadi" name="/bin/dash"
> > pid=5328 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000
> > ouid=0 target="postgresql_akonadi//null-/bin/dash"
> 
> Oh, it does help. Akonadi starts again, just did not notice it
> initially.
> 
> The pattern in
> 
> % grep pg_ctl /etc/apparmor.d/postgresql_akonadi
>   /usr/lib/postgresql/*/bin/pg_ctl mrix,
> 
> seems to be okay though:
> 
> % ls -l /usr/lib/postgresql/*/bin/pg_ctl
> -rwxr-xr-x 1 root root 59888 Sep 24 22:09 /usr/lib/postgresql/11/bin/pg_ctl
> 
> However I am no AppArmor expert…
> 
> Best,
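
For reading audit records like the two quoted above, here is an added example (not part of the original thread and not code from the Akonadi or AppArmor projects) that splits each `type=1400` record into its fields and groups them by profile, operation, object and requesting process. The function names are hypothetical; the sample input is the two records from the quoted report, unwrapped to one line each.

```python
import re
from collections import defaultdict

# The two audit records from the quoted report, unwrapped to one line each.
SAMPLE_LOG = """\
Sep 25 09:21:06 merkaba kernel: [  266.556167][   T37] audit: type=1400 audit(1569396066.434:45): apparmor="DENIED" operation="exec" profile="postgresql_akonadi" name="/bin/dash" pid=3833 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Sep 25 09:30:14 merkaba kernel: [  814.345508][   T37] audit: type=1400 audit(1569396614.227:51): apparmor="ALLOWED" operation="exec" profile="postgresql_akonadi" name="/bin/dash" pid=5328 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="postgresql_akonadi//null-/bin/dash"
"""

# Header of an AppArmor audit record: audit(<epoch>:<serial>): <key=value ...>
AUDIT_RE = re.compile(r'audit: type=1400 audit\((\d+\.\d+):(\d+)\): (.*)$')
# A field is either key="quoted value" or key=bare_value.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_events(text):
    """Return one dict per AppArmor audit record (type=1400) found in text."""
    events = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not an audit record
        fields = {k: q if q else b for k, q, b in FIELD_RE.findall(m.group(3))}
        if "apparmor" not in fields:
            continue  # type=1400 record without an AppArmor verdict
        fields["epoch"] = float(m.group(1))
        fields["serial"] = int(m.group(2))
        events.append(fields)
    return events


def summarize(events):
    """Map (profile, operation, name, comm) to the set of verdicts seen.

    'name' is the object that was accessed and 'comm' the process that
    asked. DENIED (enforce mode) and ALLOWED (complain mode) both mark an
    access the loaded profile has no rule for.
    """
    summary = defaultdict(set)
    for e in events:
        key = (e.get("profile"), e.get("operation"), e.get("name"), e.get("comm"))
        summary[key].add(e["apparmor"])
    return dict(summary)


if __name__ == "__main__":
    for (profile, op, name, comm), verdicts in summarize(parse_apparmor_events(SAMPLE_LOG)).items():
        print(f"{profile}: {comm} -> {op} {name} [{', '.join(sorted(verdicts))}]")
```

Run on the sample, both records collapse to one entry: under profile `postgresql_akonadi`, the process `pg_ctl` requested `exec` on `/bin/dash`.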
