Package: msmtp
Version: 1.8.3-1
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 10.9
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-13-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Uninstalling MSMTP package keeps msmtp AppArmor profiles loaded, that results in AppAmor permission denied problems with the sw-msmtp package shipped by Plesk control panel (
plesk.com) that replaces Debian 'msmtp'
==
kernel: [2993637.734566] audit: type=1400 audit(1619254176.743:36243): apparmor="DENIED" operation="open" profile="/usr/bin/msmtp//helpers" name="/dev/tty" pid=4820 comm="sh" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
kernel: [2993637.735238] audit: type=1400 audit(1619254176.747:36244): apparmor="DENIED" operation="exec" profile="/usr/bin/msmtp//helpers" name="/usr/lib/plesk-9.0/msmtp-pwdeval" pid=4820 comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
==
Steps to reproduce:
1) Install MSMTP on AppArmor enabled server
# apt install msmtp
2) Ensure that AppArmor MSMTP profiles are loaded
# aa-status| grep msmtp
/usr/bin/msmtp
/usr/bin/msmtp//helpers
3) Remove MSMTP
# apt purge msmtp
4) Query for AppArmor MSMTP profiles and they still loaded
# aa-status| grep msmtp
/usr/bin/msmtp
/usr/bin/msmtp//helpers
5) Check AppArmor cache
# ls /var/cache/apparmor/*/usr.bin.msmtp
Workaround is using 'aa-remove-unknown'
# aa-remove-unknown
Removing '/usr/bin/msmtp//helpers'
Removing '/usr/bin/msmtp'
Expected result:
MSMTP package removal removes and unload own AppArmor profiles