After upgrade to Tumbleweed 20171120 dovecot fails to start

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

After upgrade to Tumbleweed 20171120 dovecot fails to start

Freek de Kruijf
I have the following messages in the dovecot log:

nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create directory: /
home/freek/.local/share because: 13-Permission denied
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file: /home/
freek/.local/share/kwalletd/kdewallet.salt because: 13-Permission denied
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5-kwalletd: Couldn't create or
read the salt file
nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth): pam_kwallet5:
Fail into creating the hash

These files have me as owner and group users.
drwxr-xr-x is for folder /home/freek/.local/share
-rw------- is for file /home/freek/.local/share/kwalletd/kdewallet.salt

Looks like auth does get get the characteristics of my account.

--
fr.gr.

member openSUSE
Freek de Kruijf

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: After upgrade to Tumbleweed 20171120 dovecot fails to start

Christian Boltz-5
Hello,

Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:

> I have the following messages in the dovecot log:
>
> nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create
> directory: / home/freek/.local/share because: 13-Permission denied
> nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file:
> /home/ freek/.local/share/kwalletd/kdewallet.salt because:
> 13-Permission denied nov 22 14:43:40 eiktum auth[11418]:
> pam_kwallet5-kwalletd: Couldn't create or read the salt file
> nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth):
> pam_kwallet5: Fail into creating the hash
>
> These files have me as owner and group users.
> drwxr-xr-x is for folder /home/freek/.local/share
> -rw------- is for file
> /home/freek/.local/share/kwalletd/kdewallet.salt
>
> Looks like auth does get get the characteristics of my account.

I'm slightly surprised to see pam_kwallet5 in your log lines, therefore
I'm not sure if my answer really applies, but nevertheless:

Dovecot is confined by a set of AppArmor profiles by default. Can you
please check your /var/log/audit/audit.log if you see any lines with
    apparmor="DENIED"

If you don't have auditd running (and therefore don't have audit.log),
you can also check the syslog or the dmesg output.


Regards,

Christian Boltz
--
Mmh. Nachdem alle hier anscheinend Mutt verwenden habe ich mal einen
Blick draufgeworfen. Dafür braucht man entweder ein Studium (Schwerpunkt
Mutt) oder viel Zeit. Mal sehen was ich zuerst habe.
[Christian Wunderlich in suse-linux]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: After upgrade to Tumbleweed 20171120 dovecot fails to start

Freek de Kruijf
Op donderdag 23 november 2017 00:10:02 CET schreef Christian Boltz:

> Hello,
>
> Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:
> > I have the following messages in the dovecot log:
> >
> > nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create
> > directory: / home/freek/.local/share because: 13-Permission denied
> > nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file:
> > /home/ freek/.local/share/kwalletd/kdewallet.salt because:
> > 13-Permission denied nov 22 14:43:40 eiktum auth[11418]:
> > pam_kwallet5-kwalletd: Couldn't create or read the salt file
> > nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth):
> > pam_kwallet5: Fail into creating the hash
> >
> > These files have me as owner and group users.
> > drwxr-xr-x is for folder /home/freek/.local/share
> > -rw------- is for file
> > /home/freek/.local/share/kwalletd/kdewallet.salt
> >
> > Looks like auth does get get the characteristics of my account.
>
> I'm slightly surprised to see pam_kwallet5 in your log lines, therefore
> I'm not sure if my answer really applies, but nevertheless:
>
> Dovecot is confined by a set of AppArmor profiles by default. Can you
> please check your /var/log/audit/audit.log if you see any lines with
>     apparmor="DENIED"

Yes, I do have a lot of lines in there with DENIED. Just a few:

type=AVC msg=audit(1511388209.179:54): apparmor="DENIED" operation="mknod"
profile="/usr/sbin/nscd" name="/var/lib/nscd/netgroup" pid=1101 comm="nscd"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1511388322.293:92): apparmor="DENIED" operation="capable"
profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=2  
capname="dac_read_search"
type=AVC msg=audit(1511388322.293:93): apparmor="DENIED" operation="capable"
profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=1  
capname="dac_override"
type=AVC msg=audit(1511388386.515:100): apparmor="DENIED" operation="signal"
profile="/usr/sbin/dovecot" pid=1669 comm="dovecot" requested_mask="send"
denied_mask="send" signal=rtmin+1770224144 peer="/usr/lib/dovecot/auth"
 
> If you don't have auditd running (and therefore don't have audit.log),
> you can also check the syslog or the dmesg output.
>
>
> Regards,
>
> Christian Boltz

The strange thing is that after a reboot I now can access my email via this
dovecot. So the problem might be present much earlier than today.

--
fr.gr.

Freek de Kruijf
member openSUSE

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: After upgrade to Tumbleweed 20171120 dovecot fails to start

Freek de Kruijf
Op donderdag 23 november 2017 00:36:12 CET schreef Freek de Kruijf:

> Op donderdag 23 november 2017 00:10:02 CET schreef Christian Boltz:
> > Hello,
> >
> > Am Mittwoch, 22. November 2017, 16:44:32 CET schrieb Freek de Kruijf:
> > > I have the following messages in the dovecot log:
> > >
> > > nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't create
> > > directory: / home/freek/.local/share because: 13-Permission denied
> > > nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5: Couldn't open file:
> > > /home/ freek/.local/share/kwalletd/kdewallet.salt because:
> > > 13-Permission denied nov 22 14:43:40 eiktum auth[11418]:
> > > pam_kwallet5-kwalletd: Couldn't create or read the salt file
> > > nov 22 14:43:40 eiktum auth[11418]: pam_kwallet5(dovecot:auth):
> > > pam_kwallet5: Fail into creating the hash
> > >
> > > These files have me as owner and group users.
> > > drwxr-xr-x is for folder /home/freek/.local/share
> > > -rw------- is for file
> > > /home/freek/.local/share/kwalletd/kdewallet.salt
> > >
> > > Looks like auth does get get the characteristics of my account.
> >
> > I'm slightly surprised to see pam_kwallet5 in your log lines, therefore
> > I'm not sure if my answer really applies, but nevertheless:
> >
> > Dovecot is confined by a set of AppArmor profiles by default. Can you
> > please check your /var/log/audit/audit.log if you see any lines with
> >
> >     apparmor="DENIED"
>
> Yes, I do have a lot of lines in there with DENIED. Just a few:
>
> type=AVC msg=audit(1511388209.179:54): apparmor="DENIED" operation="mknod"
> profile="/usr/sbin/nscd" name="/var/lib/nscd/netgroup" pid=1101 comm="nscd"
> requested_mask="c" denied_mask="c" fsuid=0 ouid=0
> type=AVC msg=audit(1511388322.293:92): apparmor="DENIED" operation="capable"
> profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=2
> capname="dac_read_search"
> type=AVC msg=audit(1511388322.293:93): apparmor="DENIED" operation="capable"
> profile="/usr/lib/dovecot/auth" pid=3323 comm="auth" capability=1
> capname="dac_override"
> type=AVC msg=audit(1511388386.515:100): apparmor="DENIED" operation="signal"
> profile="/usr/sbin/dovecot" pid=1669 comm="dovecot" requested_mask="send"
> denied_mask="send" signal=rtmin+1770224144 peer="/usr/lib/dovecot/auth"
> > If you don't have auditd running (and therefore don't have audit.log),
> > you can also check the syslog or the dmesg output.
> >
> >
> > Regards,
> >
> > Christian Boltz
>
> The strange thing is that after a reboot I now can access my email via this
> dovecot. So the problem might be present much earlier than today.

BTW. I made bug report:

https://bugzilla.opensuse.org/show_bug.cgi?id=1069470

--
fr.gr.

Freek de Kruijf

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: After upgrade to Tumbleweed 20171120 dovecot fails to start

Christian Boltz-5
Hello,

Am Donnerstag, 23. November 2017, 12:25:19 CET schrieb Freek de Kruijf:
> Op donderdag 23 november 2017 00:36:12 CET schreef Freek de Kruijf:

> > Yes, I do have a lot of lines in there with DENIED. Just a few:
[...]
> BTW. I made bug report:
>
> https://bugzilla.opensuse.org/show_bug.cgi?id=1069470

Thanks! I answered in the bugreport to have everything at one place.


Regards,

Christian Boltz
--
Weitere üble Beschimpfungen bitte selber einfügen, mehr fällt mir im
Moment nicht ein.  [Bernd Brodesser zu Henne Vogelsang in suse-talk]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]