[apparmor] [patch] update postfix-common abstraction

Tyler Hicks tyhicks at canonical.com
Wed Apr 15 16:20:51 UTC 2015 

On 2015-04-14 21:49:25, Steve Beattie wrote:
> Update the postfix-common abstraction to cope with signal and unix
> socket mediation, update the access to the sasl library locations
> in a multiarch compliant way, and allow access to limited bits
> of the filesystem paths under which postfix chroots itself to
> (/var/spool/postfix/ on Ubuntu).
> 
> Nominated for trunk and 2.9.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

Acked-by: Tyler Hicks <tyhicks at canonical.com>

(for both branches)

Tyler

> ---
>  profiles/apparmor.d/abstractions/postfix-common |   19 +++++++++++++++----
>  1 file changed, 15 insertions(+), 4 deletions(-)
> 
> Index: b/profiles/apparmor.d/abstractions/postfix-common
> ===================================================================
> --- a/profiles/apparmor.d/abstractions/postfix-common
> +++ b/profiles/apparmor.d/abstractions/postfix-common
> @@ -1,6 +1,7 @@
>  # ------------------------------------------------------------------
>  #
>  #    Copyright (C) 2002-2005 Novell/SUSE
> +#    Copyright (C) 2015 Canonical, Ltd.
>  #
>  #    This program is free software; you can redistribute it and/or
>  #    modify it under the terms of version 2 of the GNU General Public
> @@ -14,11 +15,21 @@
>    capability            setgid,
>    capability            sys_chroot,
>  
> +  # postfix's master can send us signals
> +  signal receive peer=/usr/lib/postfix/master,
> +
> +  unix (send, receive) peer=(label=/usr/lib/postfix/master),
> +
> +  /etc/mailname         r,
>    /etc/postfix/*.cf     r,
>    /etc/postfix/*.db     r,
>    @{PROC}/net/if_inet6  r,
>    /usr/lib/postfix/*.so mr,
> -  /usr/lib64/sasl2/*    mr,
> -  /usr/lib64/sasl2/     r,
> -  /usr/lib/sasl2/*      mr,
> -  /usr/lib/sasl2/       r,
> +  /usr/lib{,32,64}/sasl2/*    mr,
> +  /usr/lib{,32,64}/sasl2/     r,
> +  /usr/lib/@{multiarch}/sasl2/*      mr,
> +  /usr/lib/@{multiarch}/sasl2/       r,
> +
> +  /var/spool/postfix/etc/*        r,
> +  /var/spool/postfix/lib/lib*.so* mr,
> +  /var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
> 
> -- 
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/



> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150415/5c8fa3c8/attachment-0001.pgp>

More information about the AppArmor mailing list