Bug#941118: akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl
Hi intrigeri, Sandro et al,
intrigeri - 05.10.19, 06:04:55 CEST:
> Hi Sandro et al,
>
> Sandro Knauß:
> > I now pushed a first version of Akonadi with the new AppArmor
> > profile, but as you see down here it fails and I'm not sure, what
> > went wrong. What we need to do to debug this?
>
> [...]
>
> >> > I believe the failure may be due to this:
> >> >
> >> > Sep 25 09:21:06 merkaba kernel: [ 266.556167][ T37] audit:
> >> > type=1400 audit(1569396066.434:45): apparmor="DENIED"
> >> > operation="exec" profile="postgresql_akonadi" name="/bin/dash"
> >> > pid=3833 comm="pg_ctl" requested_mask="x" denied_mask="x"
> >> > fsuid=1000
> >> > ouid=0
>
> https://salsa.debian.org/qt-kde-team/kde/akonadi/blob/master/debian/ap
> parmor/postgresql_akonadi#L12 reads:
>
> /usr/bin/dash mrix,
>
> I believe this only does what you mean on a merged-/usr system.
> I suspect Martin is reporting from a system without merged-/usr.
> Replacing this line with that one should fix this particular problem:
>
> /{usr/,}bin/dash mrix,
>
> Hoping it helps :)
Haha! Indeed. No merged-/usr here and after a time with Systemd now
running on sysvinit + elogind.
I made this change and did "aa-enforce postgresql_akonadi".
Akonadi starts fine with that.
Thank you,
--
Martin
Reply to: