Bug#941118: akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl
Martin Steigerwald - 25.09.19, 09:32:15 CEST:
> Package: akonadi-server
> Version: 4:18.08.3-8
> Severity: important
[…]
> I upgraded and then rebooted the system.
>
> After upgrading to Akonadi 4:18.08.3-8, Akonadi does not start
> anymore:
>
> % akonadictl start
> Connecting to deprecated signal
> QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString
> ) org.kde.pim.akonadicontrol: Application 'akonadiserver' exited
> normally...
>
> I believe the failure may be due to this:
>
> Sep 25 09:21:06 merkaba kernel: [ 266.556167][ T37] audit:
> type=1400 audit(1569396066.434:45): apparmor="DENIED"
> operation="exec" profile="postgresql_akonadi" name="/bin/dash"
> pid=3833 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000
> ouid=0
[…]
> Also setting to complain mode does not help:
>
> % aa-complain postgresql_akonadi
> Setting /etc/apparmor.d/postgresql_akonadi to complain mode.
>
> Although access does get allowed then:
>
> Sep 25 09:30:14 merkaba kernel: [ 814.345508][ T37] audit:
> type=1400 audit(1569396614.227:51): apparmor="ALLOWED"
> operation="exec" profile="postgresql_akonadi" name="/bin/dash"
> pid=5328 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000
> ouid=0 target="postgresql_akonadi//null-/bin/dash"
Oh, it does help. Akonadi starts again, just did not notice it
initially.
The pattern in
% grep pg_ctl /etc/apparmor.d/postgresql_akonadi
/usr/lib/postgresql/*/bin/pg_ctl mrix,
seems to be okay tough:
% ls -l /usr/lib/postgresql/*/bin/pg_ctl
-rwxr-xr-x 1 root root 59888 Sep 24 22:09 /usr/lib/postgresql/11/bin/
pg_ctl
However I am no AppArmor expert…
Best,
--
Martin
Reply to: