[apparmor] [patch] dovecot profile: add the attach_disconnected flag

Christian Boltz apparmor at cboltz.de
Sun Jun 25 08:54:01 UTC 2017


Hello,

Am Freitag, 14. April 2017, 01:42:25 CEST schrieb Christian Boltz:
> $subject.
> 
> Reported by pfak on IRC
> 
> [...] apparmor="DENIED" operation="sendmsg" info="Failed name lookup -
> disconnected path" error=-13 profile="/usr/sbin/dovecot"
> name="run/systemd/journal/dev-log" pid=20313 comm="dovecot"
> requested_mask="w" denied_mask="w" fsuid=0 ouid=0
> 
> 
> I propose this patch for 2.9, 2.10, 2.11 and trunk.
> 
> 
> [ dovecot-profile-attach-disconnected.diff ]
> 
> === modified file 'profiles/apparmor.d/usr.sbin.dovecot'
> --- profiles/apparmor.d/usr.sbin.dovecot        2017-01-30 19:43:47
> +0000 +++ profiles/apparmor.d/usr.sbin.dovecot        2017-04-13
> 23:38:32 +0000 @@ -12,7 +12,7 @@
> 
>  #include <tunables/global>
> 
> -/usr/sbin/dovecot {
> +/usr/sbin/dovecot flags=(attach_disconnected) {
>    #include <abstractions/authentication>
>    #include <abstractions/base>
>    #include <abstractions/dovecot-common>

Any comments or reviews on this patch?

If nobody objects, I'll commit it on Wednesday as Acked-by <timeout>.


Regards,

Christian Boltz
-- 
Wahrscheinlich habe ich wieder fürchterlichen Code produziert,
aber du bist ja mittlerweile schon beinahe mein persönlicher
Codestaubsauger. ;-)   [Andreas Schott]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170625/0b988c3e/attachment.pgp>


More information about the AppArmor mailing list