Re: Indexer worker small bug
On 2018-12-10 14:12, André via dovecot wrote: Hello Timo, I will try this evening. Kind regards, André. On 10 December 2018 07:56:26 GMT+00:00, Timo Sirainen wrote: On 10 Dec 2018, at 7.50, André Rodier wrote: On 2018-12-09 23:13, Timo Sirainen wrote: On 9 Dec 2018, at 16.44, André Rodier via dovecot wrote: Hello, I think I submitted this before, but I am not sure this has been addressed I am using AppArmor with Dovecot, without any issue. However, I think there is a bug in the indexer working, from what I can see, a missing trailing slash. See: Dec 09 14:35:53 portal2 kernel: audit: type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. Can someone double check the code of the indexer worker, or this has been fixed? Dovecot is definitely not trying to open that file itself. It has to be libc or some other library. I also can't think of anything special in indexer-worker compared to other Dovecot binaries that could cause this. What's your doveconf -n? You are probably right, I will continue to investigate on my side. My configuration is attached. Does it make a difference if you use "127.0.0.1" instead of "localhost" in fts_solr setting? Sorry for the top-posting. Same error, with 127.0.0.1. However, if I disable the nscd cache in nscd.conf, the error does not happen any more. I have downloaded the source code (glibc, if I understand correctly), but I have not yet found the cause. Kind regards, André
Re: Indexer worker small bug
Hello Timo, I will try this evening. Kind regards, André. On 10 December 2018 07:56:26 GMT+00:00, Timo Sirainen wrote: >On 10 Dec 2018, at 7.50, André Rodier wrote: >> >> On 2018-12-09 23:13, Timo Sirainen wrote: >>> On 9 Dec 2018, at 16.44, André Rodier via dovecot > wrote: Hello, I think I submitted this before, but I am not sure this has been >addressed I am using AppArmor with Dovecot, without any issue. However, I think there is a bug in the indexer working, from what I >can see, a missing trailing slash. See: Dec 09 14:35:53 portal2 kernel: audit: type=1400 >audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" >info="Failed name lookup - disconnected path" error=-13 >profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" >pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" >fsuid=1001 ouid=0 The indexer worker is trying to open the file >"var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of >course fails. Can someone double check the code of the indexer worker, or this >has been fixed? >>> Dovecot is definitely not trying to open that file itself. It has to >>> be libc or some other library. I also can't think of anything >special >>> in indexer-worker compared to other Dovecot binaries that could >cause >>> this. What's your doveconf -n? >> >> You are probably right, I will continue to investigate on my side. >> My configuration is attached. > >Does it make a difference if you use "127.0.0.1" instead of "localhost" >in fts_solr setting? -- André
Re: Indexer worker small bug
On 10 Dec 2018, at 7.50, André Rodier wrote: > > On 2018-12-09 23:13, Timo Sirainen wrote: >> On 9 Dec 2018, at 16.44, André Rodier via dovecot >> wrote: >>> Hello, >>> I think I submitted this before, but I am not sure this has been addressed >>> I am using AppArmor with Dovecot, without any issue. >>> However, I think there is a bug in the indexer working, from what I can >>> see, a missing trailing slash. See: >>> >>> Dec 09 14:35:53 portal2 kernel: audit: type=1400 >>> audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" >>> info="Failed name lookup - disconnected path" error=-13 >>> profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" >>> pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" >>> fsuid=1001 ouid=0 >>> >>> The indexer worker is trying to open the file "var/cache/nscd/hosts" >>> instead of "/var/cache/nscd/hosts", which of course fails. >>> Can someone double check the code of the indexer worker, or this has been >>> fixed? >> Dovecot is definitely not trying to open that file itself. It has to >> be libc or some other library. I also can't think of anything special >> in indexer-worker compared to other Dovecot binaries that could cause >> this. What's your doveconf -n? > > You are probably right, I will continue to investigate on my side. > My configuration is attached. Does it make a difference if you use "127.0.0.1" instead of "localhost" in fts_solr setting?
Re: Indexer worker small bug
On 2018-12-09 23:13, Timo Sirainen wrote:
On 9 Dec 2018, at 16.44, André Rodier via dovecot
wrote:
Hello,
I think I submitted this before, but I am not sure this has been
addressed
I am using AppArmor with Dovecot, without any issue.
However, I think there is a bug in the indexer working, from what I
can see, a missing trailing slash. See:
Dec 09 14:35:53 portal2 kernel: audit: type=1400
audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap"
info="Failed name lookup - disconnected path" error=-13
profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts"
pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r"
fsuid=1001 ouid=0
The indexer worker is trying to open the file "var/cache/nscd/hosts"
instead of "/var/cache/nscd/hosts", which of course fails.
Can someone double check the code of the indexer worker, or this has
been fixed?
Dovecot is definitely not trying to open that file itself. It has to
be libc or some other library. I also can't think of anything special
in indexer-worker compared to other Dovecot binaries that could cause
this. What's your doveconf -n?
You are probably right, I will continue to investigate on my side.
My configuration is attached.
--
https://github.com/progmaticltd/homebox# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6
auth_debug = yes
auth_verbose = yes
auth_verbose_passwords = yes
lmtp_save_to_detail_mailbox = yes
mail_debug = yes
mail_plugins = " quota fts fts_solr"
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext imapsieve
namespace inbox {
inbox = yes
location = maildir:~/mails/maildir:INDEX=~/mails/indexes/
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
fts = solr
fts_decoder = decode2text
fts_index_timeout = 60
fts_solr = url=http://localhost:8080/solr/
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_from = *
imapsieve_mailbox1_name = Junk
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
imapsieve_mailbox3_after = file:/etc/dovecot/sieve/duplicate-checks.sieve
imapsieve_mailbox3_causes = APPEND
imapsieve_mailbox3_from = *
imapsieve_mailbox3_name = INBOX
imapsieve_mailbox4_after = file:/etc/dovecot/sieve/sent-checks.sieve
imapsieve_mailbox4_causes = APPEND
imapsieve_mailbox4_from = Sent
imapsieve_mailbox4_name = *
imapsieve_mailbox5_after = file:/etc/dovecot/sieve/tags-important.sieve
imapsieve_mailbox5_causes = APPEND, COPY
imapsieve_mailbox5_from = *
imapsieve_mailbox5_name = Important
quota = maildir:user-quota
quota_rule = *:storage=500M
recipient_delimiter = ~
sieve = file:~/mails/sieve;active=~/mails/sieve/active.sieve
sieve_before = file:/etc/dovecot/sieve/before-global.sieve
sieve_default_name = default
sieve_global = /etc/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_trace_addresses = yes
sieve_trace_debug = yes
sieve_trace_dir = ~/mails/sieve/logs/
sieve_trace_level = commands
sieve_user_log = ~/mails/sieve/logs/main.log
}
protocols = " imap lmtp sieve pop3"
recipient_delimiter = ~
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
service decode2text {
executable = script /usr/local/bin/decode2text
unix_listener decode2text {
mode = 0666
}
user = $default_internal_user
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service imap {
executable = imap
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
service managesieve {
process_limit = 1024
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service quota-warning {
executable = quota-status -p postfix
inet_listener {
port
Re: Indexer worker small bug
On 9 Dec 2018, at 16.44, André Rodier via dovecot wrote: > > Hello, > > I think I submitted this before, but I am not sure this has been addressed > > I am using AppArmor with Dovecot, without any issue. > > However, I think there is a bug in the indexer working, from what I can see, > a missing trailing slash. See: > > > Dec 09 14:35:53 portal2 kernel: audit: type=1400 audit(1544366153.379:3035): > apparmor="DENIED" operation="file_mmap" info="Failed name lookup - > disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" > name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" > requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 > > > The indexer worker is trying to open the file "var/cache/nscd/hosts" instead > of "/var/cache/nscd/hosts", which of course fails. > > Can someone double check the code of the indexer worker, or this has been > fixed? Dovecot is definitely not trying to open that file itself. It has to be libc or some other library. I also can't think of anything special in indexer-worker compared to other Dovecot binaries that could cause this. What's your doveconf -n?
Indexer worker small bug
Hello, I think I submitted this before, but I am not sure this has been addressed I am using AppArmor with Dovecot, without any issue. However, I think there is a bug in the indexer working, from what I can see, a missing trailing slash. See: Dec 09 14:35:53 portal2 kernel: audit: type=1400 audit(1544366153.379:3035): apparmor="DENIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. Can someone double check the code of the indexer worker, or this has been fixed? Thanks, André -- https://github.com/progmaticltd/homebox
