[apparmor] [patch] update dovecot-lda profile
Steve Beattie
steve at nxnw.org
Mon Apr 3 21:17:51 UTC 2017
On Sun, Apr 02, 2017 at 01:20:52PM +0200, Christian Boltz wrote:
> dovecot-lda needs
> - the attach_disconnected flags
> - read access to /usr/share/dovecot/protocols.d/
> - rw for /run/dovecot/auth-userdb
>
> References: https://bugs.launchpad.net/bugs/1650827
>
> I propose this patch for 2.9, 2.10 and trunk.
Acked-by: Steve Beattie <steve at nxnw.org> for all three, though...
> [ dovecot-lda-lp1650827.diff ]
>
> === modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-lda'
> --- profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2016-02-20 00:15:20 +0000
> +++ profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2017-04-02 10:46:01 +0000
> @@ -12,7 +12,7 @@
> #include <tunables/global>
> #include <tunables/dovecot>
>
> -/usr/lib/dovecot/dovecot-lda {
> +/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
> #include <abstractions/base>
> #include <abstractions/nameservice>
> #include <abstractions/dovecot-common>
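Review bot: the `flags=(attach_disconnected)` added to the profile header has no comment saying why dovecot-lda needs it. The flag makes AppArmor treat disconnected paths as if they were attached to the root, which loosens path mediation for the whole profile, so a one-line comment above the profile line naming the object that shows up disconnected and citing LP: #1650827 would let a later reader judge whether the flag is still required.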
> @@ -26,9 +26,11 @@
> /proc/*/mounts r,
> owner /tmp/dovecot.lda.* rw,
> /{var/,}run/dovecot/mounts r,
> + /run/dovecot/auth-userdb rw,
> /usr/bin/doveconf mrix,
> /usr/lib/dovecot/dovecot-lda mrix,
> /usr/sbin/sendmail Cx,
> + /usr/share/dovecot/protocols.d/ r,
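Review bot: the new `/run/dovecot/auth-userdb rw,` rule is hard-coded to `/run`, while the neighbouring context line in the same hunk uses `/{var/,}run/dovecot/mounts r,`. Unless there is a reason to treat the socket differently, write it as `/{var/,}run/dovecot/auth-userdb rw,` so the rule also matches on systems where the path resolves under `/var/run`.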
I'm surprised that there isn't any need to read files in that directory.
Unless in this configuration there's nothing within that directory for
dovecot-lda specifically.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/