On 07/27/2016 12:41 AM, Mark Wadham wrote: > Thanks Seth, > > I've also got this issue which is confusing: > > [298095.650794] audit: type=1400 audit(1469603593.253:31338): > apparmor="DENIED" operation="getattr" info="Failed name lookup - deleted > entry" error=-2 profile="/usr/sbin/dovecot" > name="/var/lib/dovecot/.temp.a.rkw.io.18728.38411b5110c0f7d6" pid=18728 > comm="dovecot" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > getattr is being done on a file descriptor that has been deleted
> yet the usr.sbin.dovecot profile explicitly allows access to files in the > /var/lib/dovecot/* path: > > /var/lib/dovecot/* rwkl, > > If I trigger the same log entry in complain mode and run aa-logprof it > doesn't report anything. > what flags does your profile have set? -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
