Bug 139567

Summary: Subdomain stops postfix/cyrus working
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Michael Schwartzkopff <misch>
Component: AppArmorAssignee: Dominic W Reynolds <dreynolds>
Status: RESOLVED WONTFIX QA Contact: Dominic W Reynolds <dreynolds>
Severity: Critical    
Priority: P5 - None    
Version: RC 1   
Target Milestone: ---   
Hardware: i686   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Michael Schwartzkopff 2005-12-16 11:07:10 UTC 
Hi,

standalone postfix works. Local mail delivery through cyrus does not work. In /var/log/messages I get something like:

<date> kernel: SubDomain: REJECTING w access to /var/spool/postfix/private/lmtp (local(6717) profile /usr/lib/postfix/local active /usr/lib/postfix/local)

I have to use YaST-> AppArmor -> UpdateProfile Wizard to get it working.

But very annoying: Through the wizard I got rid of the error messages, restarted postfix and got _new_ error messages from sudomain system. So I had to use the Update Profile Wizard for about 10 times before everything was working.

My installation: Straight forward setup with KDE, just for postfix, nothing else.
Comment 1 Dominic W Reynolds 2005-12-17 06:45:18 UTC 
Thanks for the info: we will look into this issue. 

For working around repeated cycles for single rejects. You can use the command line utils "complain" and "enforce" to toggle the mode of a profile. So for the above:

1. Run "complain /usr/lib/postfix/local" - would toggle the profile into learning mode 

2. In learning mode you can then completely execute your use case (mail delivery and retrieval) 

3. Run YaST-> AppArmor -> Update Profile Wizard to capture the new behavior

4. Run "enforce /usr/lib/postfix/local" to reset this profile to enforce mode
Comment 2 Dominic W Reynolds 2006-01-31 01:23:08 UTC 
Will exercise this use case and  update profile set for a maintenance release in feb. Will close this bug when the release has been pushed to the maintenance system
Comment 3 Seth R Arnold 2006-02-08 00:25:50 UTC 
Michael, could you attach the logfile that included the additional accesses you required to allow cyrus and postfix to work together? Thanks
Comment 4 Michael Schwartzkopff 2006-02-08 05:44:41 UTC 
Sorry, but I did set up this machine nearly two months ago. Where are the logfiles saved?
Comment 5 Seth R Arnold 2006-03-03 20:47:15 UTC 
Michael, the logs are in /var/log/messages; if the errors were a while ago, syslog may have rotated the logs to a messages.1, or similar.

Thanks
Comment 6 Andreas Jaeger 2007-02-01 13:16:10 UTC 
No reaction for 8 months, closing as CANTFIX.