[apparmor] [patch] profiles: update postfix-common

Steve Beattie steve at nxnw.org
Wed Jun 25 05:43:11 UTC 2014 

Hi,

Attached is a patch that updates postfix-common to take into account
of some multiarch stuff, some chrooting that postfix does, and that
the postfix master process sends signals to all the different utility
processes.

As a followup, I'd like to move postfix-common from program-chunks
directory (and kill the directory), as it is the last remaining
vestigial file there (the rest having been moved out in 2007!),
and place it into the abstractions/ directory, where it would
serve a similar role as the apache2-common abstraction as well as a
dovecot-common abstraction I have in the pipeline.

Signed-off-by: Steve Beattie <steve at nxnw.org>
---
 profiles/apparmor.d/program-chunks/postfix-common |   17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

Index: b/profiles/apparmor.d/program-chunks/postfix-common
===================================================================
--- a/profiles/apparmor.d/program-chunks/postfix-common
+++ b/profiles/apparmor.d/program-chunks/postfix-common
@@ -1,6 +1,7 @@
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
+#    Copyright (C) 2014 Canonical, Ltd.
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -14,11 +15,19 @@
   capability            setgid,
   capability            sys_chroot,
 
+  # postfix's master can send us signals
+  signal receive peer=/usr/lib/postfix/master,
+
+  /etc/mailname         r,
   /etc/postfix/*.cf     r,
   /etc/postfix/*.db     r,
   @{PROC}/net/if_inet6  r,
   /usr/lib/postfix/*.so mr,
-  /usr/lib64/sasl2/*    mr,
-  /usr/lib64/sasl2/     r,
-  /usr/lib/sasl2/*      mr,
-  /usr/lib/sasl2/       r,
+  /usr/lib{,32,64}/sasl2/*    mr,
+  /usr/lib{,32,64}/sasl2/     r,
+  /usr/lib/@{multiarch}/sasl2/*      mr,
+  /usr/lib/@{multiarch}/sasl2/       r,
+
+  /var/spool/postfix/etc/*        r,
+  /var/spool/postfix/lib/lib*.so* mr,
+  /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140624/2e0f5ffb/attachment-0001.pgp>

More information about the AppArmor mailing list