Re: [Dovecot] setacl fails - does not find dovecot-acl file

2012-04-29 Thread Janne Snabb
On Fri, 4 Nov 2011, Timo Sirainen wrote:

> On Fri, 2011-11-04 at 21:29 +0100, Michael Stilkerich wrote:
>
> > Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking 
> > failed for file /home/dovecot/isa/dovecot.index.log: No such file or 
> > directory
> > Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with 
> > file /home/dovecot/isa/dovecot.index.log: No such file or directory
> 
> These simply shouldn't happen. I'd say it's a kernel bug. You're running
> a default Ubuntu kernel? I wonder if other Ubuntu users have this
> problem.

I am seeing this same problem on Ubuntu 11.10 and 12.04 with stock
kernels.

The problem is clearly AppArmor related. The imap process seems to
be using the "usr.sbin.dovecot" profile which prevents access to
these files. There is a separate profile "usr.lib.dovecot.imap" but
it seems that it does not get applied to the imap process for some
odd reason. This is especially strange because both profiles are
enabled in "complain" and not in "enforce" mode, thus they should
not enforce any of the rules.

I am simultaneously getting messages similar to the following in
my audit log:

type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED" 
operation="getattr" parent=10922 
profile="/usr/sbin/dovecot//null-107//null-10b//null-118" 
name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937 comm="imap" 
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

After disabling the "usr.sbin.dovecot" profile everything seems
fine. Other dovecot related AppArmor profiles do not seem to cause
problems.

This looks like an issue in AppArmor to me...

--
Janne Snabb / EPIPE Communications
sn...@epipe.com - http://epipe.com/
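
Added example, not part of the original message or of Dovecot/AppArmor: a small triage script for audit records like the one quoted above. It groups complain-mode ("ALLOWED") events that were logged under a transient null-* child profile, which shows which parent profile a process such as imap is really running under. The sample lines are constructed from the record in the message; the function names are hypothetical.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample input: the record from the message joined onto one line,
# a made-up event under a named profile, and an unrelated syslog line.
SAMPLE = [
    'type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED" '
    'operation="getattr" parent=10922 '
    'profile="/usr/sbin/dovecot//null-107//null-10b//null-118" '
    'name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937 '
    'comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    'type=AVC msg=audit(1335712675.100:655020): apparmor="ALLOWED" '
    'operation="open" profile="/usr/lib/dovecot/imap" '
    'name="/home/foobar/Maildir/cur" pid=10940 comm="imap" '
    'requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000',
    'Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed',
]

def parse_record(line):
    """Return the key=value fields of one record, or None if not AppArmor."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return fields if "apparmor" in fields else None

def null_profile_hits(lines):
    """Map (root profile, comm) -> set of (operation, path, denied_mask)
    for complain-mode events logged under a null-* child profile."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if not rec or rec["apparmor"] != "ALLOWED":
            continue
        # "//" separates a parent profile from its child profiles.
        root, *children = rec.get("profile", "").split("//")
        if any(c.startswith("null-") for c in children):
            hits[(root, rec.get("comm", "?"))].add(
                (rec.get("operation"), rec.get("name"), rec.get("denied_mask")))
    return dict(hits)

if __name__ == "__main__":
    for (root, comm), events in null_profile_hits(SAMPLE).items():
        print(f"{comm} is running under a null child of {root}:")
        for op, path, mask in sorted(events):
            print(f"  {op} {path} (mask {mask})")
```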


Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-11-10 Thread Michael Stilkerich
Hi,

On Nov 4, 2011, at 10:39 PM, Timo Sirainen wrote:

>> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking 
>> failed for file /home/dovecot/isa/dovecot.index.log: No such file or 
>> directory
>> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with 
>> file /home/dovecot/isa/dovecot.index.log: No such file or directory
> 
> These simply shouldn't happen. I'd say it's a kernel bug. You're running
> a default Ubuntu kernel? I wonder if other Ubuntu users have this
> problem.

It may be an apparmor issue. I noticed plenty of apparmor log entries on these 
accesses, though apparmor should only log but not disallow them. I have 
unloaded the dovecot apparmor profiles and not seen any of these errors since 
then.

I got a new issue, however: I migrated from Maildir to mdbox. Since then, my 
shared mailboxes don't fully work anymore.

I have given another user full rights to a shared mailbox (getacl returns 
akxeilprwtscd for that folder/user). The user sees the mailbox and can perform 
some operations including reading and deleting messages on it. If she tries to 
insert a new message, however, it fails and the error log shows:

dovecot: imap(isa): Error: fcntl(write-lock) locking failed for file 
/home/dovecot/michael/storage/dovecot.map.index.log: Bad file descriptor
dovecot: imap(isa): Error: mail_index_wait_lock_fd() failed with file 
/home/dovecot/michael/storage/dovecot.map.index.log: Bad file descriptor

All my mail locations are owned by the respective system user and the mail 
group, and writeable by both. In particular, I checked that both the storage 
directory as well as the dovecot.map.index.log are writeable by the mail group.

The users are not regular members of the mail group, but my dovecot config 
contains

mail_access_groups = mail

Any idea how to resolve this issue?

-Mike



Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-11-04 Thread Timo Sirainen
On Fri, 2011-11-04 at 21:29 +0100, Michael Stilkerich wrote:
> On 04.11.2011 20:47, Timo Sirainen wrote:
> >> dovecot: imap(michael): Error:
> >> >  fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file
> >> >  or directory
> > This is some weird filesystem? fstat() isn't supposed to ever fail with
> > ENOENT.
> 
> Nope, plain ext3. I have these issues since upgrading to Ubuntu 11.10, 
> which was a dovecot upgrade from 1.2.15 to 2.0.13. Currently I use a 
> self-built 2.0.15 dovecot. I'm still getting errors once in a while for 
> the dovecot.index.log file:
> 
> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking 
> failed for file /home/dovecot/isa/dovecot.index.log: No such file or 
> directory
> Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with 
> file /home/dovecot/isa/dovecot.index.log: No such file or directory

These simply shouldn't happen. I'd say it's a kernel bug. You're running
a default Ubuntu kernel? I wonder if other Ubuntu users have this
problem.

> And occasionally I also get errors like:
> 
> Nov  3 19:03:34 keira dovecot: imap(mikey): Error: Corrupted transaction 
> log file /home/dovecot/mikey/dovecot.index.log seq 15: offset points 
> outside file (32708 + 8 > 32708) (sync_offset=32800)
> 
> I believe the latter was recently reported by someone else on this list 
> as well. The files are there, though I guess that dovecot recreates them 
> when the errors occur so I don't know what the situation was by the 
> time the error occurred...

Try if you can reproduce these more easily with imaptest?
http://imapwiki.org/ImapTest Be sure to run it against a test account
since it trashes the whole mailbox.



Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-11-04 Thread Michael Stilkerich

On 04.11.2011 20:47, Timo Sirainen wrote:

>> dovecot: imap(michael): Error:
>> >  fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file
>> >  or directory
> This is some weird filesystem? fstat() isn't supposed to ever fail with
> ENOENT.


Nope, plain ext3. I have these issues since upgrading to Ubuntu 11.10, 
which was a dovecot upgrade from 1.2.15 to 2.0.13. Currently I use a 
self-built 2.0.15 dovecot. I'm still getting errors once in a while for 
the dovecot.index.log file:


Nov  4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking 
failed for file /home/dovecot/isa/dovecot.index.log: No such file or 
directory
Nov  4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with 
file /home/dovecot/isa/dovecot.index.log: No such file or directory


These errors occur regardless of the lock_method used.

And occasionally I also get errors like:

Nov  3 19:03:34 keira dovecot: imap(mikey): Error: Corrupted transaction 
log file /home/dovecot/mikey/dovecot.index.log seq 15: offset points 
outside file (32708 + 8 > 32708) (sync_offset=32800)


I believe the latter was recently reported by someone else on this list 
as well. The files are there, though I guess that dovecot recreates them 
when the errors occur so I don't know what the situation was by the 
time the error occurred...


-Mike





Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-11-04 Thread Timo Sirainen
On Sat, 2011-10-22 at 15:16 +0200, Michael Stilkerich wrote:

> dovecot: imap(michael): Error: 
> fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file 
> or directory

This is some weird filesystem? fstat() isn't supposed to ever fail with
ENOENT.

> Another thing that irritates me is that dovecot seems to use the dotlock 
> locking method, although I explicitly set lock_method to
> fcntl (also tried flock, same behavior).

The lock_method setting only affects index files. There are several
others that always use dotlocks, because they're rarely enough modified
that the dotlock performance doesn't matter. That's also why I haven't
bothered to set use_excl_lock for them.




Re: [Dovecot] setacl fails - does not find dovecot-acl file

2011-10-22 Thread Michael Stilkerich

Hi again,

On 22.10.2011 15:16, Michael Stilkerich wrote:


> When I try to create an ACL in a telnet session, the command fails with
> an internal error. The log shows:
>
> dovecot: imap(michael): Error:
> fstat(/home/dovecot/michael/.test/dovecot-acl.lock) failed: No such file
> or directory
> dovecot: imap(michael): Error:
> file_dotlock_open(/home/dovecot/michael/.test/dovecot-acl) failed: No
> such file or directory


I found that the problem seems to be the try_create_lock_hardlink() 
function, which is used to create the lock file. I don't know why it
doesn't work, but if I modify the code of dotlock_create() to always use 
try_create_lock_excl() instead, ignoring the setting of use_excl_lock in 
the dotlock_settings structure, it works just fine for me.


I noticed in the log that the issue not only occurs with the dovecot-acl 
files but with other files, too, namely the dovecot.index.log and my 
acl_shared_dict file.

Looking at the static dotlock_settings structure in the acl-file 
backend, I don't see how its use_excl_lock could possibly be set to 1 by 
the configuration (i.e., it doesn't seem that the dotlock_use_excl
configuration option is considered). For the maildirlock, an environment 
variable "DOTLOCK_USE_EXCL" is checked instead of the config setting. 
I'm not sure whether it is intentional that the hardlink
variant is generally used in these cases.

-Michael
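
Added example, not part of the original message and not Dovecot's code: the two general ways of creating a dotlock that the message contrasts, written with the same system calls through Python's os module. The names lock_excl and lock_hardlink are hypothetical stand-ins for the O_EXCL and hard-link techniques; the hard-link variant needs a temp file, link(), fstat() and unlink(), so it exercises more paths and permissions under a mandatory access control policy than the single exclusive create.

```python
import os
import tempfile

def lock_excl(lock_path):
    """Take the lock with one atomic exclusive create of the lock file."""
    try:
        fd = os.open(lock_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    except FileExistsError:
        return False            # somebody else holds the lock
    os.close(fd)
    return True

def lock_hardlink(lock_path):
    """Take the lock by hard-linking a private temp file to the lock name."""
    tmp = f"{lock_path}.tmp.{os.getpid()}"   # assumed naming, for illustration
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    try:
        try:
            os.link(tmp, lock_path)          # fails if the lock name exists
        except FileExistsError:
            return False
        # Confirm through the open descriptor that both names exist:
        # link count 2 = temp name + lock name.
        return os.fstat(fd).st_nlink == 2
    finally:
        os.close(fd)
        os.unlink(tmp)                       # lock name keeps the inode alive

def demo():
    """Run both variants against one lock path in a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        lock = os.path.join(d, "dovecot-acl.lock")
        first = lock_hardlink(lock)          # lock is free
        second = lock_hardlink(lock)         # lock is now held
        excl_held = lock_excl(lock)          # still held
        os.unlink(lock)                      # release
        excl_free = lock_excl(lock)          # free again
        return {"hardlink_first": first, "hardlink_second": second,
                "excl_while_held": excl_held, "excl_after_release": excl_free}

if __name__ == "__main__":
    print(demo())
```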


