Feb 03 13:27:19 aggregator: Fatal: chroot(/var/lib/dovecot/run/dovecot/.) failed: Operation not permitted

Jörg Faudin Schulz js at faudin.de
Wed Feb 3 14:44:16 EET 2021


I'm trying to set up dsync replication.

This seems to work partially: a complete replication does work (if I delete
the mailboxes on the target, they get filled again).

But changes don't seem to get propagated to the replica server; I get
the message

    Feb 03 13:27:19 aggregator: Fatal: chroot(/var/lib/dovecot/run/dovecot/.) failed: Operation not permitted


dovecot conf:


# Global settings from what looks like `doveconf -n` output; the
# "# hidden, use -P to show it" markers are the tool masking secret values.
# Pigeonhole version 0.5.13 (cdd19fe)
# OS: Linux 4.4.0-193-generic x86_64  
# Hostname: imap.faudin.de
# PLAIN and LOGIN both hand the password itself to the server, so their
# confidentiality rests entirely on the `ssl = required` setting further down.
auth_mechanisms = plain login
# NOTE(review): internal processes get group root, and login processes share
# the mail-owning account (vmail). Dovecot's stock defaults use separate
# unprivileged accounts for internal and login processes so that the
# network-facing, pre-authentication code cannot read mail storage.
default_internal_group = root
default_internal_user = vmail
default_login_user = vmail
# Shared secret for doveadm/dsync connections on doveadm_port.
doveadm_password = # hidden, use -P to show it
doveadm_port = 2443
# Lowers the minimum accepted mail-user gid to 0, so a userdb entry that maps
# a user to group root is accepted.
first_valid_gid = 0
imapc_features = rfc822.size fetch-headers
imapc_port = 1143
# STARTTLS is requested for imapc, but with verification off the remote
# certificate is not checked, so an active man-in-the-middle is not detected.
imapc_ssl = starttls
imapc_ssl_verify = no
imapc_user = %u
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# Logs go to stderr; the "Fatal: chroot(...)" line quoted in the message
# presumably came from this stream.
log_path = /dev/stderr
# notify + replication are the plugins that report mailbox changes for
# replication.
mail_plugins = " notify replication"
mail_prefetch_count = 20
# NOTE(review): the group used for privileged mail operations is root;
# verify that a narrower group would not do.
mail_privileged_group = root
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
# The INBOX namespace: empty prefix and empty location, with five mailboxes
# that are created automatically and tagged with special-use flags.
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  # Second mailbox carrying \Sent, alongside "Sent" above.
  mailbox "Sent Messages" {
    auto = create
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix = 
}
# Password lookups go to LDAP. The same .ext file is also used by the userdb
# section of this dump.
# NOTE(review): that file presumably holds the LDAP bind credentials; confirm
# that its permissions restrict it to the account running the auth service.
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
# Plugin settings: replication target plus the Sieve script locations.
plugin {
  # NOTE(review): the `tcp:` scheme is a plaintext doveadm connection, and the
  # doveadm inet_listener in this dump has no `ssl = yes`. Unless the link
  # between the two hosts is protected some other way, the doveadm password
  # and all replicated mail cross the network unencrypted. Dovecot's
  # replication setup offers `tcps:` with an SSL-enabled listener for this.
  mail_replica = tcp:m.datilo.de:2443
  postmaster = isomne valid address
  replication_sync_timeout = 2
  # Per-user Sieve paths are built from %u (the username).
  sieve = file:/var/vmail/sieve/scripts/%u/sieve;active=/var/vmail/sieve/scripts/%u/.dovecot.sieve
  sieve_after = /etc/dovecot/sieve/sieve-after
  sieve_before = /etc/dovecot/sieve/sieve-before
  sieve_default = /etc/dovecot/sieve/default.sieve
  sieve_dir = /var/vmail/sieve/scripts/%u
  sieve_global_dir = /var/vmail/sieve
}
protocols = imap lmtp sieve
# The aggregator is the service named in the quoted Fatal line. Unlike anvil,
# auth, imap-login, lmtp and managesieve-login in this dump, it has no
# `chroot =` override, so presumably its built-in chroot default is still in
# effect. "Operation not permitted" would fit a master process that does not
# run as root or lacks the chroot capability; confirm.
service aggregator {
  # NOTE(review): mode 0666 lets every local account connect to this socket.
  # It is already owned by vmail, so a tighter mode is probably enough if
  # only vmail-run processes send replication notifications; verify.
  unix_listener replication-notify {
    group = root
    mode = 0666
    user = vmail
  }
}
# An empty `chroot` value turns chrooting off for the service, so anvil and
# auth below run without that confinement.
service anvil {
  chroot = 
}
service auth {
  chroot = 
  # Auth client socket: owner vmail, accessible to owner and group only.
  unix_listener auth-client {
    mode = 0660
    user = vmail
  }
}
# Config socket owned by vmail:root; no mode is shown in this dump.
service config {
  unix_listener config {
    group = root
    user = vmail
  }
}
# doveadm server that the replication peer connects to; runs as vmail with
# group root.
# NOTE(review): the TCP listener on 2443 has no `ssl = yes`, so the doveadm
# password and the synced mail are sent in cleartext unless the path is
# protected elsewhere. Also confirm the port is reachable only from the
# replica host.
service doveadm {
  group = root
  inet_listener {
    port = 2443
  }
  user = vmail
}
# Network-facing services on non-standard ports, each with chroot disabled
# (empty value).
# NOTE(review): Dovecot normally chroots login processes as defense in depth.
# With chroot off and default_login_user = vmail, the pre-authentication
# imap-login and managesieve-login processes have the mail user's view of the
# filesystem.
service imap-login {
  chroot = 
  inet_listener imap {
    port = 1143
  }
  inet_listener imaps {
    port = 1993
    ssl = yes
  }
}
# LMTP over TCP on 2525; no ssl setting is shown for this listener.
# NOTE(review): confirm that only the delivering MTA can reach this port.
service lmtp {
  chroot = 
  inet_listener lmtp {
    port = 2525
  }
}
service managesieve-login {
  chroot = 
  inet_listener sieve {
    port = 4190
  }
}
# Replicator service: at least one process is kept available, and its doveadm
# control socket is restricted to its owner (vmail, mode 0600).
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    group = root
    mode = 0600
    user = vmail
  }
}
# TLS settings for client-facing protocols: TLS is mandatory and the protocol
# floor is TLSv1.2.
ssl = required
ssl_cert = </run/secrets/letsencrypt-fullchain
# NOTE(review): the " at " inside this value is most likely the list archive's
# rewriting of "@" (the sender address above shows the same rewriting), so the
# string here is probably not byte-for-byte what the server uses. The list
# starts from ALL and subtracts suites.
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH:!SSLv2:!TLS1.0
# Points at a file with the same name as the server's own certificate chain
# (under /var/run rather than /run).
ssl_client_ca_file = /var/run/secrets/letsencrypt-fullchain
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_host = exim-int-mailout:1587
# User lookups use the same LDAP configuration file as the passdb.
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
# Both delivery paths (LMTP and the LDA) load notify + replication, so that
# delivered mail triggers replication, and sieve for filtering.
protocol lmtp {
  mail_plugins = " notify replication sieve"
}
protocol lda {
  mail_plugins = " notify replication sieve"
}




