The current apparmor profiles installed by akonadi-19.12.3 stop akonadi from working as it is blocking essential resources, including the database backend. Reproducible: Always Steps to Reproduce: Login into plasma and start an akonadi-related application, like korganizer, to observe that akonadi cannot be started. Actual Results: The output of journalctl contains AVC apparmor="DENIED" operation="mkdir" profile="/usr/bin/akonadiserver" name="/run/user/1000/akonadi/" pid=38053 comm="akonadiserver" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 [...] AVC apparmor="DENIED" operation="open" profile="mysqld_akonadi" name="/usr/share/mariadb/english/errmsg.sys" pid=38064 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 and a full list is attached. Using current upstream profiles mysqld_akonadi, usr.bin.akonadiserver, (and postgresql_akonadi) from https://github.com/KDE/akonadi/tree/master/apparmor plus adding /usr/share/mariadb/** r, to mysqld_akonadi made it start again. Further adding owner @{xdg_data_home}/baloo/ rw, owner @{xdg_data_home}/baloo/* rwlk, owner @{xdg_data_home}/baloo/** rwk, to usr.bin.akonadiserver fixed some further denials for akonadi that were not necessary for akonadi to start.
Created attachment 630694 [details] A journalctl snippet showing akonadi to fail
baloo is not related to akonadi, am I missing anything (wrt the last bits)?
(In reply to Andreas Sturmlechner from comment #2) > baloo is not related to akonadi, am I missing anything (wrt the last bits)? At least akonadiserver wanted to open the following file: audit: type=1400 audit(1586177077.810:31182): apparmor="DENIED" operation="open" profile="/usr/bin/akonadiserver" name="/home/shuber/.local/share/baloo/notes/iamglass" pid=254545 comm="SearchManager-T" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 Judging by the header it could be a xapian glass database, if that makes sense.
Please test again with 20.08.2: https://invent.kde.org/pim/akonadi/-/commit/3d85f3726bffe11a89f1188ecfb4b606d3375ada Re-open if it is still reproducible.
(In reply to Andreas Sturmlechner from comment #4) > Please test again with 20.08.2: > > https://invent.kde.org/pim/akonadi/-/commit/ > 3d85f3726bffe11a89f1188ecfb4b606d3375ada > > Re-open if it is still reproducible. Seems to be resolved for me.