[apparmor] [patch] dovecout.auth profile update
Christian Boltz
apparmor at cboltz.de
Sun Aug 10 18:48:15 UTC 2014
Hello,
dovecot/auth needs read access to /etc/dovecot/* when using plaintext
user/password files (everybody will use a different filename for the
user/password list - and when you allow reading the password list,
allowing to read the config doesn't add any harm ;-)
References: https://bugzilla.novell.com/show_bug.cgi?id=874094
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.auth'
--- profiles/apparmor.d/usr.lib.dovecot.auth 2014-07-07 21:35:18
+++ profiles/apparmor.d/usr.lib.dovecot.auth 2014-08-10 18:43:08
@@ -27,8 +27,7 @@
/etc/my.cnf.d/ r,
/etc/my.cnf.d/*.cnf r,
- /etc/dovecot/dovecot-database.conf.ext r,
- /etc/dovecot/dovecot-sql.conf.ext r,
+ /etc/dovecot/* r,
/usr/lib/dovecot/auth mr,
# kerberos replay cache
Regards,
Christian Boltz
--
Whoa whoa whoa that's WAY too efficient. Using tools that already exist?
Instead of inventing a whole new system and living with bugs?
Blaspheme. [Brian K. White in opensuse-factory]
More information about the AppArmor
mailing list