Is AppArmor stopping an application from running?

While configuring a virus scanner and spam checking software to run with the Postfix server on SuSE 10.1 I had it all configured, but was getting an error in the /var/log/mail file:

postfix/qmgr[7632]: warning: connect to transport filter: Operation not permitted

I tracked the error down and discovered it was due to AppArmor.

To see if AppArmor is the culprit tail the /var/log/audit/audit.log file while trying to perform the operation that is failing.

tail -f /var/log/audit/audit.log

If it is AppArmor you will see something like:

type=APPARMOR msg=audit(1159755381.613:10): REJECTING w access to /var/spool/postfix/private/filter
 (qmgr(7632) profile /usr/lib/postfix/qmgr active /usr/lib/postfix/qmgr)

As Postfix is one of the services that is configured by default to be controlled by AppArmor, the AppArmor profile is not allowing the qmgr process within Postfix to write to the filter file (actually a socket which has been created for the connection to the filter software). The Postfix profile needs a little modification to make it run successfully.

1. In YaST open the AppArmor controls and select the Edit Profile option.
2. From the profile names select the /usr/lib/postfix/qmgr -> next
3. Select the Add Entry button and add a file.
4. Browse to and select the /var/spool/postfix/private/filter and give the w permission.

Once this has been done AppArmor rereads the profiles and now the application should work.

For another application I had to do this multiple times as once I cleared one issue another would appear. So keep monitoring the audit.log, and modifying the profiles, until the application is running properly.

Back to GNU/Linux Application Tips