[apparmor] Enabling email delivery for wordpress
Simon Deziel
simon.deziel at gmail.com
Wed Nov 2 21:27:01 UTC 2016
Hi Robert,
As Seth mentioned, you could setup a global or child profile instead of
allowing unfiltered access. I am surprised that your system needs bash
though.
On 2016-11-02 05:18 PM, Seth Arnold wrote:
> These profiles are also at:
> http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/files/head:/profiles/apparmor/profiles/extras/
>
> - There's a usr.sbin.sendmail that is prepared to handle both postfix
> _and_ sendmail
> - There's a usr.sbin.sendmail.sendmail that works with sendmail
> - There's a usr.sbin.sendmail.postfix that works with postfix
> - There's also profiles for postalias, postdrop, postmap, postqueue, and a
> dozen other postfix binaries.
>
> Unless someone speaks up to say they've kept the 'extras' profile updated
> for their MTA of choice, they are probably old enough at this point that
> they can be ignored.
I'm using sSMTP everywhere and this profile works well:
https://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/view/head:/ubuntu/16.04/usr.sbin.ssmtp
On occasions, I drop a local/ definition on a given machine to make
dead.letter work for system users:
simon at bck:~$ cat /etc/apparmor.d/local/usr.sbin.ssmtp
# Site-specific additions and overrides for usr.sbin.ssmtp.
# For more details, please see /etc/apparmor.d/local/README.
# backuppc
owner /var/lib/backuppc/dead.letter rw,
# logcheck
owner /var/lib/logcheck/dead.letter rw,
# nagios
owner /var/lib/nagios/dead.letter rw,
Otherwise, the base profile just works.
Regards,
Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161102/83d4a49b/attachment.pgp>
More information about the AppArmor
mailing list