[apparmor] [patch] dovecot auth needs to read openssl.cnf
Seth Arnold
seth.arnold at canonical.com
Wed Mar 18 23:14:04 UTC 2015
On Wed, Mar 18, 2015 at 11:44:56PM +0100, Christian Boltz wrote:
> Hello,
>
> usr.lib.dovecot.auth needs to read openssl.cnf:
>
> <darix> type=AVC msg=audit(1426698024.100:21778): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/etc/ssl/openssl.cnf" pid=19808 comm="auth" requested_mask="r" denied_mask="r" fsuid=488 ouid=0
>
> Darix' guess is that this is needed by libpq because he uses a postgresql
> database with dovecot and has ssl enabled in postgresql.
>
> I propose this patch for trunk and 2.9
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked for both.
Thanks
>
>
> [ dovecot-openssl.diff ]
>
> === modified file 'profiles/apparmor.d/usr.lib.dovecot.auth'
> --- profiles/apparmor.d/usr.lib.dovecot.auth 2014-09-25 22:37:14 +0000
> +++ profiles/apparmor.d/usr.lib.dovecot.auth 2015-03-18 22:37:48 +0000
> @@ -17,6 +17,7 @@
> #include <abstractions/base>
> #include <abstractions/mysql>
> #include <abstractions/nameservice>
> + #include <abstractions/openssl>
> #include <abstractions/wutmp>
> #include <abstractions/dovecot-common>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150318/4efd6758/attachment-0001.pgp>
More information about the AppArmor
mailing list