Created attachment 1417937 [details]
%patch11 for spec file
After upgrading to 2.3.x, PAM authentication stopped working:
Error in system's security log:
PAM audit_log_acct_message() failed: Operation not permitted
Error in dovecot.log:
auth-worker(*REMOVED*): Info: pam(*REMOVED*): pam_authenticate() failed: System error
Removing NoNewPrivileges=true and adding CAP_AUDIT_WRITE to CapabilityBoundingSet fixes this error.
It seems the option NoNewPrivileges=true is not only a problem for apparmor, but also for PAM.
see also: https://github.com/dovecot/core/pull/71
I've attached a patch that can be used as %patch11 in the spec file.
this change should be already included
No, it isn't. At least not in 2.3.1. They finally fixed that in 2.3.2.
rawhide contains dovecot 126.96.36.199