Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mod_auth_external vs. apparmor #1598

Closed
sualko opened this issue Mar 6, 2017 · 12 comments
Closed

mod_auth_external vs. apparmor #1598

sualko opened this issue Mar 6, 2017 · 12 comments

Comments

@sualko
Copy link

sualko commented Mar 6, 2017

What version of ejabberd are you using?

ejabberd 16.01

What operating system (version) are you using?

Ubuntu 16.04

How did you install ejabberd (source, package, distribution)?

distribution

What did not work as expected? Are there error messages in the log? What
was the unexpected behavior? What was the expected result?

I tried to use an external python script to authenticate my users. After 2 days of searching, testing, stracing and so on, I found out that ejabberd comes with an apparmor profile 👿. At least this should be documented somewhere...
@zinid
Copy link
Contributor

zinid commented Mar 6, 2017

We do not maintain Ubuntu's packages.

@zinid zinid closed this as completed Mar 6, 2017
@debalance
Copy link

Just for the record, this IS documented in /usr/share/doc/ejabberd/NEWS.Debian.gz,
you can install and configure apt-listchanges accordingly if you want to be shown these automatically during upgrades.

Also, AppArmor pretty much jumps you in the face in dmesg, which is one of the first things I check when things are not working as they should.

@sualko
Copy link
Author

sualko commented Mar 7, 2017

People (non-high end linux freaks) get frustrated by such things. Please reconsider this.

@zinid
Copy link
Contributor

zinid commented Mar 7, 2017

By what things? We do not have enough human resources to maintain packages for linux distros.

@lemenkov
Copy link
Contributor

lemenkov commented Mar 7, 2017

Looks like a downstream (not upstream) bug. This should be addressed by Debian maintainer, not here.

@zinid
Copy link
Contributor

zinid commented Mar 7, 2017

@lemenkov the Debian maintainer replied in this thread already :)

@sualko
Copy link
Author

sualko commented Mar 8, 2017

I think a small notice in the documentation would not hurt and would help so many people, but this is your decision.

@debalance
Copy link

@sualko, what documentation are you talking about?

@sualko
Copy link
Author

sualko commented Mar 8, 2017

https://docs.ejabberd.im/admin/configuration/#external-script

@lock
Copy link

lock bot commented Jun 11, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@zeigerpuppy
Copy link

This looks like an issue for me too. I'm not sure how to solve it (maybe by adding permission for running xauth.py in the ejabberd apparmour profile?)
I agree it would be good to document it somewhere with a suggestion of how to fix.
On that note if anyone has fixed this, could you please also post the fix here (I will if I manage to sort it out!)

@zeigerpuppy
Copy link

a simple way to test this is to remove the apparmor profile.
In my case: apparmor_parser -R /etc/apparmor.d/usr.sbin.ejabberdctl

It looks like apparmor is not the problem for me but I thought I'd add this here to help others debug anyway...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@lemenkov @zeigerpuppy @zinid @sualko @debalance