Your message dated Mon, 07 Oct 2019 00:30:39 +0200 with message-id <4332771.cx6hI3ZLRH@tuxin> and subject line Re: Bug#941118: akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl has caused the Debian Bug report #941118, regarding akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 941118: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941118 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl
- From: Martin Steigerwald <Martin@Lichtvoll.de>
- Date: Wed, 25 Sep 2019 09:32:15 +0200
- Message-id: <156939673518.3735.4936801646484208903.reportbug@merkaba.lichtvoll>
Package: akonadi-server Version: 4:18.08.3-8 Severity: important Dear Sandro, I was tempted to raise severity to grave, but then thought that this may just happen on my system. Severity can still be raised if it happens on other systems as well. It may refuse to start on all setups using PostgreSQL backend, see below. I upgraded and then rebooted the system. After upgrading to Akonadi 4:18.08.3-8, Akonadi does not start anymore: % akonadictl start Connecting to deprecated signal QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString) org.kde.pim.akonadicontrol: Application 'akonadiserver' exited normally... I believe the failure may be due to this: Sep 25 09:21:06 merkaba kernel: [ 266.556167][ T37] audit: type=1400 audit(1569396066.434:45): apparmor="DENIED" operation="exec" profile="postgresql_akonadi" name="/bin/dash" pid=3833 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 However when I use: % aa-disable postgresql_akonadi Disabling /etc/apparmor.d/postgresql_akonadi. I can still not start Akonadi – same console output as before, syslog output: Sep 25 09:27:17 merkaba kernel: [ 637.670793][ T37] audit: type=1400 audit(1569396437.550:46): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="postgresql_akonadi" pid=5247 comm="apparmor_parser" Sep 25 09:27:26 merkaba kernel: [ 647.098937][ T37] audit: type=1400 audit(1569396446.978:47): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="/usr/bin/akonadiserver" name="/usr/lib/postgresql/11/bin/pg_ctl" pid=5261 comm="akonadiserver" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Also setting to complain mode does not help: % aa-complain postgresql_akonadi Setting /etc/apparmor.d/postgresql_akonadi to complain mode. Although access does get allowed then: Sep 25 09:30:14 merkaba kernel: [ 814.345508][ T37] audit: type=1400 audit(1569396614.227:51): apparmor="ALLOWED" operation="exec" profile="postgresql_akonadi" name="/bin/dash" pid=5328 comm="pg_ctl" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="postgresql_akonadi//null-/bin/dash" Best, Martin -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.2.16-tp520 (SMP w/4 CPU cores; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages akonadi-server depends on: ii akonadi-backend-postgresql 4:18.08.3-8 ii libc6 2.29-2 ii libgcc1 1:9.2.1-8 ii libkf5akonadiprivate5abi2 [libkf5akonadiprivate5-18.08] 4:18.08.3-8 ii libkf5akonadiwidgets5abi1 [libkf5akonadiwidgets5-18.08] 4:18.08.3-8 ii libkf5configcore5 5.62.0-1 ii libkf5coreaddons5 5.62.0-1 ii libkf5crash5 5.62.0-1 ii libkf5i18n5 5.62.0-1 ii libqt5core5a 5.11.3+dfsg1-4 ii libqt5dbus5 5.11.3+dfsg1-4 ii libqt5gui5 5.11.3+dfsg1-4 ii libqt5network5 5.11.3+dfsg1-4 ii libqt5sql5 5.11.3+dfsg1-4 ii libqt5widgets5 5.11.3+dfsg1-4 ii libqt5xml5 5.11.3+dfsg1-4 ii libstdc++6 9.2.1-8 akonadi-server recommends no packages. Versions of packages akonadi-server suggests: pn akonadi-backend-mysql <none> ii akonadi-backend-postgresql 4:18.08.3-8 pn akonadi-backend-sqlite <none> -- no debconf information
--- End Message ---
--- Begin Message ---
- To: 941118-done@bugs.debian.org
- Subject: Re: Bug#941118: akonadi-server: fails to start after upgrade to 4:18.08.3-8: apparmor denied access to pg_ctl
- From: Sandro Knauß <hefee@debian.org>
- Date: Mon, 07 Oct 2019 00:30:39 +0200
- Message-id: <4332771.cx6hI3ZLRH@tuxin>
- In-reply-to: <156939673518.3735.4936801646484208903.reportbug@merkaba.lichtvoll>
- References: <156939673518.3735.4936801646484208903.reportbug@merkaba.lichtvoll>
Version: 4:18.08.3-9 I improved the AppArmor profile, now PostgreSQL support should be handled correctly and the other suggestions of intrigeri. sandro -- On Mittwoch, 25. September 2019 09:32:15 CEST Martin Steigerwald wrote: > Package: akonadi-server > Version: 4:18.08.3-8 > Severity: important > > Dear Sandro, > > I was tempted to raise severity to grave, but then thought that this may > just happen on my system. Severity can still be raised if it happens on > other systems as well. It may refuse to start on all setups using > PostgreSQL backend, see below. > > I upgraded and then rebooted the system. > > After upgrading to Akonadi 4:18.08.3-8, Akonadi does not start anymore: > > % akonadictl start > Connecting to deprecated signal > QDBusConnectionInterface::serviceOwnerChanged(QString,QString,QString) > org.kde.pim.akonadicontrol: Application 'akonadiserver' exited normally... > > I believe the failure may be due to this: > > Sep 25 09:21:06 merkaba kernel: [ 266.556167][ T37] audit: type=1400 > audit(1569396066.434:45): apparmor="DENIED" operation="exec" > profile="postgresql_akonadi" name="/bin/dash" pid=3833 comm="pg_ctl" > requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 > > However when I use: > > % aa-disable postgresql_akonadi > Disabling /etc/apparmor.d/postgresql_akonadi. > > I can still not start Akonadi – same console output as before, syslog > output: > > Sep 25 09:27:17 merkaba kernel: [ 637.670793][ T37] audit: type=1400 > audit(1569396437.550:46): apparmor="STATUS" operation="profile_remove" > profile="unconfined" name="postgresql_akonadi" pid=5247 > comm="apparmor_parser" Sep 25 09:27:26 merkaba kernel: [ 647.098937][ > T37] audit: type=1400 audit(1569396446.978:47): apparmor="DENIED" > operation="exec" info="profile transition not found" error=-13 > profile="/usr/bin/akonadiserver" name="/usr/lib/postgresql/11/bin/pg_ctl" > pid=5261 comm="akonadiserver" requested_mask="x" denied_mask="x" fsuid=1000 > ouid=0 > > Also setting to complain mode does not help: > > % aa-complain postgresql_akonadi > Setting /etc/apparmor.d/postgresql_akonadi to complain mode. > > Although access does get allowed then: > > Sep 25 09:30:14 merkaba kernel: [ 814.345508][ T37] audit: type=1400 > audit(1569396614.227:51): apparmor="ALLOWED" operation="exec" > profile="postgresql_akonadi" name="/bin/dash" pid=5328 comm="pg_ctl" > requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 > target="postgresql_akonadi//null-/bin/dash" > > Best, > Martin > > > -- System Information: > Debian Release: bullseye/sid > APT prefers unstable-debug > APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, > 'experimental') Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 5.2.16-tp520 (SMP w/4 CPU cores; PREEMPT) > Kernel taint flags: TAINT_OOT_MODULE > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de > (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash > Init: sysvinit (via /sbin/init) > LSM: AppArmor: enabled > > Versions of packages akonadi-server depends on: > ii akonadi-backend-postgresql 4:18.08.3-8 > ii libc6 2.29-2 > ii libgcc1 1:9.2.1-8 > ii libkf5akonadiprivate5abi2 [libkf5akonadiprivate5-18.08] 4:18.08.3-8 > ii libkf5akonadiwidgets5abi1 [libkf5akonadiwidgets5-18.08] 4:18.08.3-8 > ii libkf5configcore5 5.62.0-1 > ii libkf5coreaddons5 5.62.0-1 > ii libkf5crash5 5.62.0-1 > ii libkf5i18n5 5.62.0-1 > ii libqt5core5a 5.11.3+dfsg1-4 > ii libqt5dbus5 5.11.3+dfsg1-4 > ii libqt5gui5 5.11.3+dfsg1-4 > ii libqt5network5 5.11.3+dfsg1-4 > ii libqt5sql5 5.11.3+dfsg1-4 > ii libqt5widgets5 5.11.3+dfsg1-4 > ii libqt5xml5 5.11.3+dfsg1-4 > ii libstdc++6 9.2.1-8 > > akonadi-server recommends no packages. > > Versions of packages akonadi-server suggests: > pn akonadi-backend-mysql <none> > ii akonadi-backend-postgresql 4:18.08.3-8 > pn akonadi-backend-sqlite <none> > > -- no debconf informationAttachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---