Re: [Dovecot] setacl fails - does not find dovecot-acl file

2012-04-29 Thread Janne Snabb
On Fri, 4 Nov 2011, Timo Sirainen wrote:

> On Fri, 2011-11-04 at 21:29 +0100, Michael Stilkerich wrote:
>
> > Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking
> > failed for file /home/dovecot/isa/dovecot.index.log: No such file or
> > directory
> > Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with
> > file /home/dovecot/isa/dovecot.index.log: No such file or directory
>
> These simply shouldn't happen. I'd say it's a kernel bug. You're running
> a default Ubuntu kernel? I wonder if other Ubuntu users have this
> problem.

I am seeing this same problem on Ubuntu 11.10 and 12.04 with stock
kernels.

The problem is clearly AppArmor related. The imap process seems to
be using the usr.sbin.dovecot profile which prevents access to
these files. There is a separate profile usr.lib.dovecot.imap but
it seems that it does not get applied to the imap process for some
odd reason. This is especially strange because both profiles are
enabled in complain and not in enforce mode, thus they should
not enforce any of the rules.

I am simultaneously getting messages similar to the following in
my audit log:

type=AVC msg=audit(1335712674.515:655016): apparmor=ALLOWED 
operation=getattr parent=10922 
profile=/usr/sbin/dovecot//null-107//null-10b//null-118 
name=/home/foobar/Maildir/.foobar/dovecot.index.log pid=10937 comm=imap 
requested_mask=r denied_mask=r fsuid=1000 ouid=1000

After disabling the usr.sbin.dovecot profile everything seems
fine. Other dovecot related AppArmor profiles do not seem to cause
problems.

This looks like an issue in AppArmor to me...

--
Janne Snabb / EPIPE Communications
sn...@epipe.com - http://epipe.com/
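
A small triage script for audit records like the one quoted in the message above, added here as an example and not part of the original post: it parses AppArmor records and reports processes whose parent profile is not the one expected for their command. The `EXPECTED` mapping and the second sample record are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample. Line 1 is the record quoted in the message above, joined
# onto one line; line 2 is invented for contrast and uses quoted values.
SAMPLE = [
    "type=AVC msg=audit(1335712674.515:655016): apparmor=ALLOWED "
    "operation=getattr parent=10922 "
    "profile=/usr/sbin/dovecot//null-107//null-10b//null-118 "
    "name=/home/foobar/Maildir/.foobar/dovecot.index.log pid=10937 comm=imap "
    "requested_mask=r denied_mask=r fsuid=1000 ouid=1000",
    'type=AVC msg=audit(1335712675.001:655017): apparmor="DENIED" '
    'operation="open" profile="/usr/lib/dovecot/imap" name="/var/mail/other" '
    'pid=10940 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0',
]

# Assumption: the profile each command is meant to run under (adjust per host).
EXPECTED = {"imap": "/usr/lib/dovecot/imap"}
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Return the key=value fields of an AppArmor audit record, else None."""
    fields = {k: (u or q) for k, q, u in FIELD.findall(line)}
    return fields if "apparmor" in fields else None

def triage(lines, expected=EXPECTED):
    """Report records whose process runs under an unexpected parent profile."""
    findings, counts = [], Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        comm = rec.get("comm")
        # "parent//child//...": the first component is the parent profile.
        base, *children = rec.get("profile", "").split("//")
        counts[(comm, base, rec["apparmor"])] += 1
        want = expected.get(comm)
        if want and base != want:
            findings.append({
                "comm": comm, "profile": base, "expected": want,
                "null_depth": sum(c.startswith("null-") for c in children),
                "verdict": rec["apparmor"], "operation": rec.get("operation"),
                "path": rec.get("name"),
            })
    return findings, counts

if __name__ == "__main__":
    for f in triage(SAMPLE)[0]:
        print(f)
```
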


Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-11-10 Thread Michael Stilkerich
Hi,

On Nov 4, 2011, at 10:39 PM, Timo Sirainen wrote:

> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking
> failed for file /home/dovecot/isa/dovecot.index.log: No such file or
> directory
> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with
> file /home/dovecot/isa/dovecot.index.log: No such file or directory
>
> These simply shouldn't happen. I'd say it's a kernel bug. You're running
> a default Ubuntu kernel? I wonder if other Ubuntu users have this
> problem.

It may be an apparmor issue. I noticed plenty of apparmor log entries on these 
accesses, though apparmor should only log but not disallow them. I have 
unloaded the dovecot apparmor profiles and not seen any of these errors since 
then.

I got a new issue, however: I migrated from Maildir to mdbox. Since then, my 
shared mailboxes don't fully work anymore.

I have given another user full rights to a shared mailbox (getacl returns 
akxeilprwtscd for that folder/user). The user sees the mailbox and can perform 
some operations including reading and deleting messages on it. If she tries to 
insert a new message, however, it fails and the error log shows:

dovecot: imap(isa): Error: fcntl(write-lock) locking failed for file 
/home/dovecot/michael/storage/dovecot.map.index.log: Bad file descriptor
dovecot: imap(isa): Error: mail_index_wait_lock_fd() failed with file 
/home/dovecot/michael/storage/dovecot.map.index.log: Bad file descriptor

All my mail locations are owned by the respective system user and the mail 
group, and writeable by both. In particular, I checked that both the storage 
directory as well as the dovecot.map.index.log are writeable by the mail group.

The users are not regular members of the mail group, but my dovecot config 
contains

mail_access_groups = mail

Any idea how to resolve this issue?

-Mike



Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-11-04 Thread Timo Sirainen
On Fri, 2011-11-04 at 21:29 +0100, Michael Stilkerich wrote:
> On 04.11.2011 20:47, Timo Sirainen wrote:
> > dovecot: imap(michael): Error:
> > fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file
> > or directory
> > This is some weird filesystem? fstat() isn't supposed to ever fail with
> > ENOENT.
>
> Nope, plain ext3. I have these issues since upgrading to Ubuntu 11.10,
> which was a dovecot upgrade from 1.2.15 to 2.0.13. Currently I use a
> self-built 2.0.15 dovecot. I'm still getting errors once in a while for
> the dovecot.index.log file:
>
> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking
> failed for file /home/dovecot/isa/dovecot.index.log: No such file or
> directory
> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with
> file /home/dovecot/isa/dovecot.index.log: No such file or directory

These simply shouldn't happen. I'd say it's a kernel bug. You're running
a default Ubuntu kernel? I wonder if other Ubuntu users have this
problem.

> And occasionally I also get errors like:
>
> Nov  3 19:03:34 keira dovecot: imap(mikey): Error: Corrupted transaction
> log file /home/dovecot/mikey/dovecot.index.log seq 15: offset points
> outside file (32708 + 8 > 32708) (sync_offset=32800)
>
> I believe the latter was recently reported by someone else on this list
> as well. The files are there, though I guess that dovecot recreates them
> when the error occurs so I don't know what the situation was by the
> time the error occurred...

Try if you can reproduce these more easily with imaptest?
http://imapwiki.org/ImapTest Be sure to run it against a test account
since it trashes the whole mailbox.



Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-10-22 Thread Michael Stilkerich

Hi again,

On 22.10.2011 15:16, Michael Stilkerich wrote:


> When I try to create an ACL in a telnet session, the command fails with
> an internal error. The log shows:
>
> dovecot: imap(michael): Error:
> fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file
> or directory
> dovecot: imap(michael): Error:
> file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No
> such file or directory


I found that the problem seems to be the try_create_lock_hardlink()
function, which is used to create the lock file. I don't know why it
doesn't work, but if I modify the code of dotlock_create() to always use 
try_create_lock_excl() instead ignoring the setting of use_excl_lock in 
the dotlock_settings structure, it works just fine for me.


I noticed in the log that the issue not only occurs with the dovecot-acl
files but with other files, too, namely the dovecot.index.log and my
acl_shared_dict file.

Looking at the static dotlock_settings structure in the acl-file
backend, I don't see how its use_excl_lock could possibly be set to 1 by
the configuration (i.e., it doesn't seem that the dotlock_use_excl
configuration option is considered). For the maildirlock, an environment
variable DOTLOCK_USE_EXCL is checked instead of the config setting. I'm
not sure whether it is intentional that the hardlink variant is generally
used in these cases.

-Michael





[Dovecot] setacl fails - does not find dovecot-acl file

2011-10-22 Thread Michael Stilkerich

Hi,

  I'm using dovecot 2.0.13 that ships with Ubuntu 11.10.
I tried setting up a shared namespace as documented in the wiki to 
enable the sharing of a mailbox between two users.


I have a Maildir(++) directory for each user. Each user has a system
account. The Maildir of each user is owned by the user's system account
and group read/writable by the group mail (hence mail_access_groups=mail).

Relevant parts of my config:

mail_plugins = acl
mail_location = maildir:/home/dovecot/%u
mail_access_groups = mail

namespace {
  type = private
  separator = /
  prefix =
  inbox = yes
  hidden = no
  subscriptions = yes
}
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:/home/dovecot/%%u:INDEX=/home/dovecot/%u/shared/%%u
  subscriptions = no
  list = children
}

protocol imap {
  mail_plugins = $mail_plugins imap_acl
}

plugin {
  acl = vfile
}
plugin {
  acl_shared_dict = file:/home/dovecot/shared-mailboxes
}

When I try to create an ACL in a telnet session, the command fails with 
an internal error. The log shows:


dovecot: imap(michael): Error: 
fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file 
or directory
dovecot: imap(michael): Error: 
file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No 
such file or directory


The error occurs whether a (manually created) dovecot-acl file exists or
not. The dovecot-acl.lock file is created but not removed afterwards.
Subsequent setacl commands will time out waiting for the lock to be
released until I delete it manually.


If I create the dovecot-acl file manually and provide access to another 
user, the getacl command will correctly show the permissions and the 
other user can access the folder. setacl will still fail to modify the 
acl file, however (same error).


Another thing that irritates me is that dovecot seems to use the dotlock
locking method, although I explicitly set lock_method to fcntl (also
tried flock, same behavior).

I'm not using chroot.

I appreciate any help to get this sorted out.

Thanks,
  Michael



