Fixing "doveconf: Fatal: Error in ... ssl_cert: ... Can not open file: Permission denied"

Today, while configuring dovecot on openSUSE Leap 15.0, I ran into this error:

doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf  line 7: ssl_cert: /etc/{some path} Can not open file: Permission  denied

Here is how I solved it.

Environment

My SSL certificate was issued by certbot and is stored under /etc/certbot/...

Symptom

When dovecot is started through systemd, it fails with:

doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf  line 7: ssl_cert: /etc/{some path} Can not open file: Permission  denied

Solution

Add the following at the corresponding place in profiles/apparmor.d/abstractions/ssl_certs:

/etc/certbot/archive/*/cert*.pem r,
/etc/certbot/archive/*/chain*.pem r,
/etc/certbot/archive/*/fullchain*.pem r,

Add the following at the corresponding place in profiles/apparmor.d/abstractions/ssl_keys:

/etc/certbot/archive/*/privkey*.pem r,

For details, see:

https://gitlab.com/iochen/apparmor/commit/3016ffb3367e03ee2129401472d44d5eea4c1fb2

https://gitlab.com/iochen/apparmor/commit/4d275bab696f58e1431d26da642e82adbe092526
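
To confirm that the denial comes from AppArmor and that the rules above cover it, the following added example (not part of the original post or of the apparmor project) parses audit records and checks each denied path against the four rules. The audit lines are constructed, and the glob handling covers only `*`, `**` and `?`, an assumption that is sufficient for these rules.

```python
import re

# The four rules this page adds to abstractions/ssl_certs and abstractions/ssl_keys.
RULES = [
    "/etc/certbot/archive/*/cert*.pem r,",
    "/etc/certbot/archive/*/chain*.pem r,",
    "/etc/certbot/archive/*/fullchain*.pem r,",
    "/etc/certbot/archive/*/privkey*.pem r,",
]

# Constructed audit records (host name, pid and timestamps are made up).
SAMPLE_LOG = """\
type=AVC msg=audit(1546300800.101:210): apparmor="DENIED" operation="open" profile="/usr/sbin/dovecot" name="/etc/certbot/archive/mail.example.org/fullchain1.pem" pid=2311 comm="doveconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1546300800.102:211): apparmor="DENIED" operation="open" profile="/usr/sbin/dovecot" name="/etc/certbot/archive/mail.example.org/sub/privkey1.pem" pid=2311 comm="doveconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1546300800.103:212): apparmor="ALLOWED" operation="open" profile="/usr/sbin/dovecot" name="/etc/dovecot/dovecot.conf" pid=2311 comm="doveconf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

def glob_to_regex(glob):
    """AppArmor glob subset (assumption): '**' crosses '/', '*' and '?' do not."""
    parts = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    tokens = re.findall(r"\*\*|\*|\?|[^*?]+", glob)
    return re.compile("".join(parts.get(t) or re.escape(t) for t in tokens))

def parse_rule(line):
    """Split 'PATH PERMS,' into (compiled path regex, permission letters)."""
    path, perms = line.rstrip(",").rsplit(None, 1)
    return glob_to_regex(path), perms

def denials(log):
    """Yield (path, denied_mask) for every AppArmor DENIED record."""
    for line in log.splitlines():
        if 'apparmor="DENIED"' in line:
            fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
            yield fields["name"], fields["denied_mask"]

def covered(path, mask, rules=RULES):
    """True if one rule matches the path and grants every denied permission."""
    return any(rx.fullmatch(path) and set(mask) <= set(perms)
               for rx, perms in map(parse_rule, rules))

def report(log=SAMPLE_LOG):
    """List (denied path, whether the added rules would now allow it)."""
    return [(path, covered(path, mask)) for path, mask in denials(log)]

if __name__ == "__main__":
    for path, ok in report():
        print("covered     " if ok else "still denied", path)
```

The second constructed record stays denied because `*` does not cross a `/`, so a file one directory deeper than `archive/<name>/` is outside these rules.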

Follow-up

A PR has been submitted to the official apparmor repository.

References

LEAP 42.3 Unexpected permissions issue with Dovecot