[apparmor] [patch] dovecot auth needs to read openssl.cnf
Christian Boltz
apparmor at cboltz.de
Wed Mar 18 22:44:56 UTC 2015
Hello,
usr.lib.dovecot.auth needs to read openssl.cnf:
<darix> type=AVC msg=audit(1426698024.100:21778): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/etc/ssl/openssl.cnf" pid=19808 comm="auth" requested_mask="r" denied_mask="r" fsuid=488 ouid=0
Darix' guess is that this is needed by libpq because he uses a postgresql
database with dovecot and has ssl enabled in postgresql.
I propose this patch for trunk and 2.9.
[ dovecot-openssl.diff ]
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.auth'
--- profiles/apparmor.d/usr.lib.dovecot.auth 2014-09-25 22:37:14 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.auth 2015-03-18 22:37:48 +0000
@@ -17,6 +17,7 @@
#include <abstractions/base>
#include <abstractions/mysql>
#include <abstractions/nameservice>
+ #include <abstractions/openssl>
#include <abstractions/wutmp>
#include <abstractions/dovecot-common>
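Review bot: The added "#include <abstractions/openssl>" line has no comment saying why the auth profile needs it, and the message offers the libpq/SSL cause only as a guess. Either confirm which library opens the file, or add a short comment above the include noting that the denial was seen with a PostgreSQL backend using SSL, so a later cleanup does not drop it. The logged denial covers only a read of /etc/ssl/openssl.cnf, so it would also help to say in the commit message that pulling in the whole abstraction, rather than a single-path read rule, is intentional.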
Regards,
Christian Boltz
--
> [suse-linux statistics] Hm. By the way: what do you think, should I
> merge 'ratti / Joerg'? Yes, right?
I think so, but Ratti is against it.
[> David Haller and Jörg Roßdeutscher aka Ratti in sl-etikette]