issue with sieve forwarding after upgrade to 0.5.1

Helmut K. C. Tessarek tessarek at evermeet.cx
Wed Apr 4 09:44:31 EEST 2018


On 2018-04-04 01:54, B. Reino wrote:
> The new systemd service file has NoNewPrivileges set to true. You need
> to override that to false and then it should work again.

It seems that the NoNewPrivileges option messes with several things.
PAM authentication stopped working as well besides the fact that
CAP_AUDIT_WRITE is also missing in CapabilityBoundingSet.

I've opened a pull request https://github.com/dovecot/core/pull/71
Although I removed NoNewPrivileges altogether, since I didn't know what
to write in the comment.

The only thing I could think of was something along the lines:

# If you want most things to stop working, set this to true

I thought this would be rather counterproductive, thus I removed it.

Maybe somebody else could enlighten me who came up with this default
setting and why it was set to true in the first place.

Cheers,
  K. C.

-- 
regards Helmut K. C. Tessarek              KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/


More information about the dovecot mailing list