Hi Kai,
On 2019-01-09 10:03 a.m., kai.we...@glorybox.de wrote:
> With the AppArmor profile shipped the 'passwordeval' options does not
> work anymore. I tried using the permitted "gpg" or "secret-tool" but
> this did not work.
>
> msmtp uses popen(3) which in turn seems to exec /bin/dash which is not
> permitted by AppArmor.
>
> This renders the package currently unusable because I use the "pass"
> password manager. This might render the package unusable for everyone
> else using 'passwordeval' as well.
If you could put the profile in complain mode and collect the kernel
messages it would be useful to figure out what rules are missing.
To do so:
1) please edit the profile flags to include "complain" like this:
/usr/bin/msmtp flags=(attach_disconnected,complain) {
2) compile the new profile
sudo apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.msmtp
3) do your test
4) collect kernel logs
Providing only the apparmor messages would suffice (something like: grep
apparmor /var/log/syslog).
Thanks,
Simon
