Does anybody have ideas concerning incompatibility of dovecot IMAP
server authentication and libpam_fscrypt? It seems Go runtime loaded
into authentication worker is unable to allocate memory.
To keep local mail archive I use a dovecot instance. This machine does
not receive or send mail using SMTP, it is purely IMAP server.
Installing of libpam-fscrypt caused authentication failures:
dovecot[72165]: auth-worker: Error: fatal error: failed to reserve page
summary memory
dovecot[72165]: auth-worker: Error:
dovecot[72165]: auth-worker: Error: runtime stack:
dovecot[72165]: auth-worker: Error: runtime.throw({0x7f552c418194?,
0x7f552c1feb10?})
dovecot[72165]: auth-worker: Error: runtime/panic.go:1047 +0x5f
fp=0x7f552c1feac0 sp=0x7f552c1fea90 pc=0x7f552c28a53f
dovecot[72165]: auth-worker: Error:
runtime.(*pageAlloc).sysInit(0x7f552c5f6fd0)
dovecot[72165]: auth-worker: Error:
runtime/mpagealloc_64bit.go:82 +0x195 fp=0x7f552c1feb48
sp=0x7f552c1feac0 pc=0x7f552c280ef5
dovecot[72165]: auth-worker: Error:
runtime.(*pageAlloc).init(0x7f552c5f6fd0, 0x7f552c5f6fc0, 0x0?)
dovecot[72165]: auth-worker: Error: runtime/mpagealloc.go:324
+0x70 fp=0x7f552c1feb70 sp=0x7f552c1feb48 pc=0x7f552c27eb50
dovecot[72165]: auth-worker: Error: runtime.(*mheap).init(0x7f552c5f6fc0)
dovecot[72165]: auth-worker: Error: runtime/mheap.go:729 +0x13f
fp=0x7f552c1feba8 sp=0x7f552c1feb70 pc=0x7f552c27bf5f
dovecot[72165]: auth-worker: Error: runtime.mallocinit()
dovecot[72165]: auth-worker: Error: runtime/malloc.go:407 +0xb2
fp=0x7f552c1febd0 sp=0x7f552c1feba8 pc=0x7f552c260e72
dovecot[72165]: auth-worker: Error: runtime.schedinit()
dovecot[72165]: auth-worker: Error: runtime/proc.go:693 +0xab
fp=0x7f552c1fec30 sp=0x7f552c1febd0 pc=0x7f552c28df0b
dovecot[72165]: auth-worker: Error: runtime.rt0_go()
dovecot[72165]: auth-worker: Error: runtime/asm_amd64.s:345
+0x120 fp=0x7f552c1fec38 sp=0x7f552c1fec30 pc=0x7f552c2b7c20
dovecot[72165]: auth: Error: auth-worker: Aborted PASSV request for
mailuser: Worker process died unexpectedly
dovecot[72165]: auth-worker: Fatal: master: service(auth-worker): child
72211 returned error 2
PID 72165 is dovecot/log.
10-auth.conf:auth_mechanisms = plain
A workaround is to use custom /etc/pam.d/dovecot that does not relies on
common-auth, etc.
I am realizing that fscrypt with login protector is hardly compatible
with mail server and home directory of this user is not encrypted.
libpam-fscrypt is installed for another user that has encrypted home
directory, but has no mail.
My expectation is that pam_fscrypt.so should be noop in such case and
certainly should not cause authentication failure. I can not figure out
if it is pam_fscrypt or dovecot auth-worker failure, e.g. improper
compile or link options, perhaps some runtime protections intended to
prevent memory leaks or some sort of attack.
