[apparmor] [patch] dovecot profile: add the attach_disconnected flag

Christian Boltz apparmor at cboltz.de
Thu Apr 13 23:42:25 UTC 2017


Hello,

$subject.

Reported by pfak on IRC

[...] apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dovecot" name="run/systemd/journal/dev-log" pid=20313 comm="dovecot" requested_mask="w" denied_mask="w" fsuid=0 ouid=0


I propose this patch for 2.9, 2.10, 2.11 and trunk.


[ dovecot-profile-attach-disconnected.diff ]

=== modified file 'profiles/apparmor.d/usr.sbin.dovecot'
--- profiles/apparmor.d/usr.sbin.dovecot        2017-01-30 19:43:47 +0000
+++ profiles/apparmor.d/usr.sbin.dovecot        2017-04-13 23:38:32 +0000
@@ -12,7 +12,7 @@
 
 #include <tunables/global>
 
-/usr/sbin/dovecot {
+/usr/sbin/dovecot flags=(attach_disconnected) {
   #include <abstractions/authentication>
   #include <abstractions/base>
   #include <abstractions/dovecot-common>



Regards,

Christian Boltz
-- 
Cool{,o} page!
[Bernhard Voelker in opensuse-factory about the Staging Dashboard]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170414/226d80f9/attachment.pgp>


More information about the AppArmor mailing list