[apparmor] [patch] Update dovecot profiles
Seth Arnold
seth.arnold at canonical.com
Tue Dec 27 01:35:42 UTC 2016
On Sun, Dec 25, 2016 at 01:03:49PM +0100, Christian Boltz wrote:
> Hello,
>
> the dovecot/auth profile needs access to /run/dovecot/anvil-auth-penalty
> and /var/spool/postfix/private/auth.
>
> The dovecot/log profile needs the attach_disconnected flag.
>
> Refences: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1652131
>
>
> I propose this patch for trunk, 2.10 and 2.9.
Acked for all three.
Acked-by: Seth Arnold <seth.arnold at canonical.com>
>
> BTW: Does it make sense to do the /{var/,}run/ dance forever, or should
> we just use /run/ for new additions nowadays? (The log from the bugreport
> contained just /run/.)
I'm starting to think it's time to just use /run/. I'm always reluctant to
remove permissions from profiles but this transition feels pretty well
handled by now.
Maybe we should pick e.g. 2.12 or 3.0 or whatever as a release to remove
all the /{var/,}run/ alternations and clean them all in one quick sed. :)
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161226/a49fe685/attachment.pgp>
More information about the AppArmor
mailing list