[apparmor] [patch] Update dovecot profiles
Christian Boltz
apparmor at cboltz.de
Sun Dec 25 12:03:49 UTC 2016
Hello,
the dovecot/auth profile needs access to /run/dovecot/anvil-auth-penalty
and /var/spool/postfix/private/auth.
The dovecot/log profile needs the attach_disconnected flag.
Refences: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1652131
I propose this patch for trunk, 2.10 and 2.9.
BTW: Does it make sense to do the /{var/,}run/ dance forever, or should
we just use /run/ for new additions nowadays? (The log from the bugreport
contained just /run/.)
[ dovecot-lp1652131.diff ]
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.auth'
--- profiles/apparmor.d/usr.lib.dovecot.auth 2016-10-05 18:46:03 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.auth 2016-12-25 11:54:00 +0000
@@ -39,6 +39,9 @@
/{var/,}run/dovecot/auth-token-secret.dat{,.tmp} rw,
/{var/,}run/dovecot/stats-user rw,
+ /{var/,}run/dovecot/anvil-auth-penalty rw,
+
+ /var/spool/postfix/private/auth w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.auth>
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.log'
--- profiles/apparmor.d/usr.lib.dovecot.log 2014-06-27 19:14:53 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.log 2016-12-25 11:54:42 +0000
@@ -11,7 +11,7 @@
#include <tunables/global>
-/usr/lib/dovecot/log {
+/usr/lib/dovecot/log flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dovecot-common>
Regards,
Christian Boltz
--
F: Word? Was ist das?
A: Das ist wohl das Programm, das ursrpünglich einmal Text heißen
sollte. Da es aber für längere Dokumente ungeeignet ist, wurde es
umbenannt. Inzwischen kann es aber bereits 97 Wörter verwalten.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161225/a442af98/attachment.pgp>
More information about the AppArmor
mailing list