Bug#985080: Akonadi server crashes because of Apparmor rules

To: submit@bugs.debian.org
Subject: Bug#985080: Akonadi server crashes because of Apparmor rules
From: "bs.net" <bs.net@gmx.de>
Date: Fri, 12 Mar 2021 18:18:35 +0100
Message-id: <[🔎] 7552729.mNAfWqAuux@excelsis.fritz.box>
Reply-to: "bs.net" <bs.net@gmx.de>, 985080@bugs.debian.org
In-reply-to: <2656923.67plJOlqvt@excelsis.fritz.box>

Package: akonadi-server
Version: 4:20.08.3-1

Hi,

the Akonadi server permanently crashes on login after upgrading to Bullseye.

There are several Apparmor messages in the log:

Mär 12 18:01:27 mcp kernel: audit: type=1400 audit(1615568487.152:30): 
apparmor="DENIED" operation="open" profile="/usr/bin/akonadiserver" name="/
proc/2411/fd/" pid=2411 comm="QDBusConnection" requested_mask="r" 
denied_mask="r" fsuid=1000 ouid=1000
Mär 12 18:01:27 mcp kernel: audit: type=1400 audit(1615568487.152:31): 
apparmor="DENIED" operation="exec" profile="/usr/bin/akonadiserver" name="/usr/
bin/dbus-launch" pid=2411 comm="QDBusConnection" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0
Mär 12 18:01:27 mcp kernel: audit: type=1400 audit(1615568487.152:32): 
apparmor="DENIED" operation="exec" profile="/usr/bin/akonadiserver" name="/usr/
bin/dbus-launch" pid=2411 comm="QDBusConnection" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0
Mär 12 18:01:27 mcp kernel: audit: type=1400 audit(1615568487.152:33): 
apparmor="DENIED" operation="exec" profile="/usr/bin/akonadiserver" name="/usr/
bin/dbus-launch" pid=2411 comm="QDBusConnection" requested_mask="x" 
denied_mask="x" fsuid=1000 ouid=0
Mär 12 17:21:29 mcp kernel: audit: type=1400 audit(1615566089.522:31): 
apparmor="DENIED" operation="signal" profile="/usr/bin/akonadiserver" pid=2292 
comm="akonadiserver" requested_mask="send" denied_mask="send" signal=term 
peer="unconfined"
Mär 12 17:21:32 mcp kernel: audit: type=1400 audit(1615566092.526:32): 
apparmor="DENIED" operation="signal" profile="/usr/bin/akonadiserver" pid=2292 
comm="akonadiserver" requested_mask="send" denied_mask="send" signal=kill 
peer="unconfined"
Mär 12 17:37:16 mcp kernel: audit: type=1400 audit(1615567036.308:30): 
apparmor="DENIED" operation="open" profile="/usr/bin/akonadiserver" name="/usr/
local/share/mime/mime.cache" pid=3791 comm=5468726561642028706F6F6C656429 
requested_mask="r" denied_mask="r"  fsuid=100

So that I can write e-mails again, I first added the missing include for user 
additions in the /etc/apparmor.d/usr.bin.akonadiserver file:

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.bin.akonadiserver>

Subsequently, I have fixed the above messages with the following additions in /
etc/apparmor.d/local/usr.bin.akonadiserver, so that the Akonadi server is now 
running again:

/usr/bin/dbus-launch ix,
/usr/local/share/mime/mime.cache r,
@{PROC}/@{pid}/fd/ r,
@{HOME}/.Xauthority r,
signal send set=term peer=unconfined,
signal send set=kill peer=unconfined,

It would be good if the Apparmor rules of the Akonadi server were functional. 
In the current state, the Akonadi server is unfortunately not usable without 
user adjustments.

Please fix the apparmor rules. Thanks a lot.

With kind regards

Reply to:

Follow-Ups:
- Bug#985080: Akonadi server crashes because of Apparmor rules
  - From: Sandro Knauß <hefee@debian.org>

Prev by Date: [bts-link] source package akregator
Next by Date: Re: Bug#984468: Pre-approval for uploading KDE Apps 20.12.3
Previous by thread: [bts-link] source package akregator
Next by thread: Bug#985080: Akonadi server crashes because of Apparmor rules
Index(es):
- Date
- Thread