[apparmor] [patch] update dovecot-lda profile

Christian Boltz apparmor at cboltz.de
Thu Apr 6 22:24:59 UTC 2017


Hello,

Am Montag, 3. April 2017, 23:17:51 CEST schrieb Steve Beattie:
> On Sun, Apr 02, 2017 at 01:20:52PM +0200, Christian Boltz wrote:
> > dovecot-lda needs
> > - the attach_disconnected flags
> > - read access to /usr/share/dovecot/protocols.d/
> > - rw for /run/dovecot/auth-userdb
> > 
> > References: https://bugs.launchpad.net/bugs/1650827
> > 
> > I propose this patch for 2.9, 2.10 and trunk.
> 
> Acked-by: Steve Beattie <steve at nxnw.org> for all three, though...
> 
> > [ dovecot-lda-lp1650827.diff ]
> > 
> > === modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-lda'
...
> > +  /usr/share/dovecot/protocols.d/ r,
> 
> I'm surprised that there isn't any need to read files in that
> directory. Unless in this configuration there's nothing within that
> directory for dovecot-lda specifically.

Theoretically a good point, but -
On my system, the directory doesn't even exist, so let's just wait until 
someone complains about permission errors inside that directory ;-)
Also, the log messages in the bugreport were for complain mode, and 
there was only a log event for the directory, not for any files in it.


Regards,

Christian Boltz
-- 
> I'd like to see systemctl accepting "abbreviated" service names, as
> in without the ".service" which is so very redundant, for starters.
You must love the speed we implement your wishes!
Frederic went ahead and commited your wish like... 6 months ago or so :)
[> Claudio Freire and Dominique Leuenberger in opensuse-packaging]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170407/5c49c480/attachment.pgp>


More information about the AppArmor mailing list