On Fri, 4 Nov 2011, Timo Sirainen wrote:
On Fri, 2011-11-04 at 21:29 +0100, Michael Stilkerich wrote:
Nov 4 16:29:03 keira dovecot: imap(isa): Error: fcntl(unlock) locking failed for file /home/dovecot/isa/dovecot.index.log: No such file or directory
Nov 4 16:29:03 keira dovecot: imap(isa): Error: fstat() failed with file /home/dovecot/isa/dovecot.index.log: No such file or directory
These simply shouldn't happen. I'd say it's a kernel bug. You're running a default Ubuntu kernel? I wonder if other Ubuntu users have this problem.
I am seeing this same problem on Ubuntu 11.10 and 12.04 with stock kernels.
The problem is clearly AppArmor related. The imap process seems to be using the "usr.sbin.dovecot" profile which prevents access to these files. There is a separate profile "usr.lib.dovecot.imap" but it seems that it does not get applied to the imap process for some odd reason. This is especially strange because both profiles are enabled in "complain" and not in "enforce" mode, thus they should not enforce any of the rules.
I am simultaneously getting messages similar to the following in my audit log:
type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED" operation="getattr" parent=10922 profile="/usr/sbin/dovecot//null-107//null-10b//null-118" name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
After disabling the "usr.sbin.dovecot" profile everything seems fine. Other dovecot related AppArmor profiles do not seem to cause problems.
This looks like an issue in AppArmor to me...
--
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
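The audit record quoted in the message above names the confining profile as a chain of `null-*` children of `/usr/sbin/dovecot` rather than `/usr/lib/dovecot/imap`. The following Python sketch is an added example, not part of the original message or of Dovecot or AppArmor: it parses AppArmor audit records and reports which commands are running under such placeholder profiles. The function names are hypothetical and the second sample record is constructed.

```python
import shlex
from collections import Counter

# First record: the one quoted in the message. Second record: constructed for
# contrast, showing imap under the profile the poster expected.
SAMPLE_LOG = """\
type=AVC msg=audit(1335712674.515:655016): apparmor="ALLOWED" operation="getattr" parent=10922 profile="/usr/sbin/dovecot//null-107//null-10b//null-118" name="/home/foobar/Maildir/.foobar/dovecot.index.log" pid=10937 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1335712675.100:655020): apparmor="ALLOWED" operation="open" parent=10922 profile="/usr/lib/dovecot/imap" name="/etc/example.conf" pid=10940 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
"""


def parse_avc(line):
    """Return the key=value fields of one AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    body = line.split("): ", 1)[-1]  # drop the type=AVC msg=audit(...) prefix
    fields = {}
    for token in shlex.split(body):  # shlex strips the double quotes
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def null_profile_events(log_text):
    """Yield (comm, base_profile, null_depth, name) for records whose profile
    contains null-* components, the placeholders AppArmor creates in complain
    mode when an exec has no matching transition rule."""
    for line in log_text.splitlines():
        fields = parse_avc(line)
        if not fields or "profile" not in fields:
            continue
        parts = fields["profile"].split("//")
        nulls = [p for p in parts if p.startswith("null-")]
        if nulls:
            base = "//".join(p for p in parts if not p.startswith("null-"))
            yield fields.get("comm"), base, len(nulls), fields.get("name")


def summarize(log_text):
    """Count null-profile events per (comm, base_profile) pair."""
    return Counter((c, b) for c, b, _, _ in null_profile_events(log_text))


if __name__ == "__main__":
    for (comm, base), n in summarize(SAMPLE_LOG).items():
        print(f"{comm}: {n} event(s) under a null-* child of {base}")
```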