[apparmor] [patch] Add missing permissions to dovecot profiles
Christian Boltz
apparmor at cboltz.de
Tue Oct 4 22:18:25 UTC 2016
Hello,
Am Montag, 3. Oktober 2016, 15:49:11 CEST schrieb Seth Arnold:
> > [ dovecot-profiles-deb835826.diff ]
>
> Acked for all three, thanks.
>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
In the meantime, Félix answered [1] - and I have a follow-up patch for the
dovecot/lmtp profile.
[patch] Allow reading ~/.dovecot.svbin in dovecot/lmtp profile
Félix told me that he didn't modify the sieve config, which means
~/.dovecot.svbin is the default filename. I'd say this is a good
reason to allow it in the profile ;-)
I propose this patch for trunk, 2.10 and 2.9.
(If nobody objects, I'll commit this together with the other changes
from Debian bug 835826.)
[ dovecot-profiles-deb835826-lmtp.diff ]
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.lmtp'
--- profiles/apparmor.d/usr.lib.dovecot.lmtp 2015-04-27 19:33:06 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.lmtp 2016-10-04 21:54:09 +0000
@@ -25,6 +25,8 @@
@{DOVECOT_MAILSTORE}/ rw,
@{DOVECOT_MAILSTORE}/** rwkl,
+ @{HOME}/.dovecot.svbin r,
+
/proc/*/mounts r,
/tmp/dovecot.lmtp.* rw,
/usr/lib/dovecot/lmtp mr,
Regards,
Christian Boltz
[1] the Debian bugreport is closed and doesn't accept additional comments,
so only Seth and I received Félix' answer
--
Eine datei mit der Endung .SCR ist eine ausführbare datei. [...]
Unter Linux öffnet man so was mit clamscan, avgscan, oder vergleichbaren
tools, und danach noch einmal mit rm. [Mathias Homann in opensuse-de]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161005/c084a45b/attachment.pgp>
More information about the AppArmor
mailing list