openSUSE Forums > Archives > Novell Archives » Watchout for AppArmor when configuring services

Go Back   openSUSE Forums > Archives > Novell Archives
Reload this Page Watchout for AppArmor when configuring services
Forums FAQ Members List Search Today's Posts Mark Forums Read

Novell Archives Archived content from Novell openSUSE support forums

 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 01-Oct-2006, 23:09
Jim Pye
Guest
  
Posts: n/a
Default Watchout for AppArmor when configuring services
People

Just a note on some findings I have struck over the last few weeks.

Configuring a virus scanner and spam checking software to run with the
PostFix server on SuSE 10.1.

Got it all configured but was getting an error in the /var/log/mail file:

postfix/qmgr[7632]: warning: connect to transport filter: Operation not
permitted

I had seen this error earlier and tracked it down to AppArmor.

To see if AppArmor is the culprit tail the /var/log/audit/audit.log file
while trying to perform the operation that is failing. You will see
something like:

type=APPARMOR msg=audit(1159755381.613:10): REJECTING w access
to /var/spool/postfix/private/filter (qmgr(7632)
profile /usr/lib/postfix/qmgr active /usr/lib/postfix/qmgr)

As PostFix is one of the services that is configured by default to be
controlled by AppArmor, the AppArmor profile is not allowing the qmgr
process within PostFix to write to the filter file (actually a socket which
has been created for the connection to the filter software). The PostFix
profile needs a little modification to make it run successfully.

In Yast open the AppArmor controls and select the Edit Profile option.

From the profile names select the /usr/lib/postfix/qmgr -> next

Select the Add Entry and add a file.

Browse to and select the /var/spool/postfix/private/filter and give the w
permission.

Once this has been done AppArmor rereads the profiles and now the
application should work. Note that for another application I had to do this
multiple times as once I cleared one issue another would appear. So keep
monitoring the audit.log, and modifying the profiles, until the application
is running properly.

Cheers
Jim

--
Pye, James Pye, chmod 007
The Ultimate Open Source
  #2 (permalink)  
Old 06-Oct-2006, 03:36
Automatic reply
Guest
  
Posts: n/a
Default Re: Watchout for AppArmor when configuring services
Jim,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://support.novell.com/forums/
 

Bookmarks


« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Contact Us - openSUSE Forums - Archive - Privacy Statement - Top
© 2007 Novell, Inc. All Rights Reserved. This site uses the YAML CSS framework. All times are GMT -6. The time now is 01:46.
About openSUSE | Disclaimers | Feedback

Founded by Novell
 

Search Engine Friendly URLs by vBSEO 3.3.0 RC2