[apparmor] [patch] Update dovecot profiles

Seth Arnold seth.arnold at canonical.com
Tue Dec 27 01:35:42 UTC 2016

On Sun, Dec 25, 2016 at 01:03:49PM +0100, Christian Boltz wrote:
> Hello,
> the dovecot/auth profile needs access to /run/dovecot/anvil-auth-penalty
> and /var/spool/postfix/private/auth.
> The dovecot/log profile needs the attach_disconnected flag.
> Refences: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1652131
> I propose this patch for trunk, 2.10 and 2.9.

Acked for all three.
Acked-by: Seth Arnold <seth.arnold at canonical.com>

> BTW: Does it make sense to do the /{var/,}run/ dance forever, or should
> we just use /run/ for new additions nowadays? (The log from the bugreport
> contained just /run/.)

I'm starting to think it's time to just use /run/. I'm always reluctant to
remove permissions from profiles but this transition feels pretty well
handled by now.

Maybe we should pick e.g. 2.12 or 3.0 or whatever as a release to remove
all the /{var/,}run/ alternations and clean them all in one quick sed. :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161226/a49fe685/attachment.pgp>

More information about the AppArmor mailing list