[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#941118: akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl



Hi intrigeri, Sandro et al,

intrigeri - 05.10.19, 06:04:55 CEST:
> Hi Sandro et al,
> 
> Sandro Knauß:
> > I now pushed a first version of Akonadi with the new AppArmor
> > profile, but as you see down here it fails and I'm not sure, what
> > went wrong. What we need to do to debug this?
> 
> [...]
> 
> >> > I believe the failure may be due to this:
> >> > 
> >> > Sep 25 09:21:06 merkaba kernel: [  266.556167][   T37] audit:
> >> > type=1400 audit(1569396066.434:45): apparmor="DENIED"
> >> > operation="exec" profile="postgresql_akonadi" name="/bin/dash"
> >> > pid=3833 comm="pg_ctl" requested_mask="x" denied_mask="x"
> >> > fsuid=1000
> >> > ouid=0
> 
> https://salsa.debian.org/qt-kde-team/kde/akonadi/blob/master/debian/ap
> parmor/postgresql_akonadi#L12 reads:
> 
>   /usr/bin/dash mrix,
> 
> I believe this only does what you mean on a merged-/usr system.
> I suspect Martin is reporting from a system without merged-/usr.
> Replacing this line with that one should fix this particular problem:
> 
>   /{usr/,}bin/dash mrix,
> 
> Hoping it helps :)

Haha! Indeed. No merged-/usr here and after a time with Systemd now 
running on sysvinit + elogind.

I made this change and did "aa-enforce postgresql_akonadi".

Akonadi starts fine with that.
 
Thank you,
-- 
Martin


Reply to: