Hello,
I just remembered there's a dovecot profile patch in
openSUSE:11.4:Update:Test that has not made it into the Factory package
yet. I just updated it to match trunk.
I hope it's not too late to include it in 2.7 beta ;-)
Changes:
Dovecot profile update:
- allow /var/spool/mail, not only the /var/mail symlink
- allow @{HOME}/Mail/
- allow capability fsetid, read access to /etc/lsb-release and
SuSE-release and k for /var/{lib,run}/dovecot in usr.bin.dovecot
References:
- dovecot: Added support for /var/spool/mail (bnc#691072)
- Updated dovecot profile (bnc#681267).
Patch taken from openSUSE:11.4:Update:Test, file apparmor-profiles-dovecot
updated to match trunk by Christian Boltz <apparmor at cboltz.de>
Regards,
Christian Boltz
--
<Ohmmmmm> Holy St. Tux, open my eyes, which have been plastered over
with error messages through years of abuse by KleinSoftFenster 3.1 - XP,
so that I may come to see the wonders of the realm
that is called LINUX.</Ohmmmmm> (Heike Hautz in dcoulm)
-------------- next part --------------
Dovecot profile update:
- allow /var/spool/mail, not only the /var/mail symlink
- allow @{HOME}/Mail/
- allow capability fsetid, read access to /etc/lsb-release and
SuSE-release and k for /var/{lib,run}/dovecot in usr.bin.dovecot
References:
- dovecot: Added support for /var/spool/mail (bnc#691072)
- Updated dovecot profile (bnc#681267).
Patch taken from openSUSE:11.4:Update:Test, file apparmor-profiles-dovecot
updated to match trunk by Christian Boltz <apparmor at cboltz.de>
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.deliver'
--- profiles/apparmor.d/usr.lib.dovecot.deliver 2010-08-05 19:00:02 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.deliver 2011-08-19 10:38:48 +0000
@@ -17,6 +17,7 @@
@{HOME}/mail/.imap/** klrw,
/usr/lib/dovecot/deliver mr,
/var/mail/* klrw,
+ /var/spool/mail/* klrw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.deliver>
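Review bot: The added "/var/spool/mail/* klrw," line repeats the "/var/mail/* klrw," rule directly above it, and the same pair is added again in the imap and pop3 profiles. A single rule with alternation, "/var/{,spool/}mail/* klrw,", would keep the two paths from drifting apart in later edits. The brace syntax is already used in this patch for "/{,var/}run/dovecot/" in usr.sbin.dovecot.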
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.imap'
--- profiles/apparmor.d/usr.lib.dovecot.imap 2010-08-05 19:00:02 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.imap 2011-08-19 10:39:44 +0000
@@ -11,11 +11,15 @@
@{HOME} r,
@{HOME}/Maildir/ rw,
@{HOME}/Maildir/** klrw,
+ @{HOME}/Mail/ rw,
+ @{HOME}/Mail/* klrw,
+ @{HOME}/Mail/.imap/** klrw,
@{HOME}/mail/ rw,
@{HOME}/mail/* klrw,
@{HOME}/mail/.imap/** klrw,
/usr/lib/dovecot/imap mr,
/var/mail/* klrw,
+ /var/spool/mail/* klrw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.imap>
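Review bot: The three @{HOME}/Mail/ rules are added only to the imap profile. The deliver and pop3 hunks show those profiles carrying the lowercase @{HOME}/mail/ rules with no Mail/ counterpart. As far as the visible rules go, a mailbox kept under ~/Mail would be permitted for IMAP but still denied for POP3 and local delivery. Either add the matching rules to those two profiles or state in the description that the Mail/ change is intentionally imap-only.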
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.pop3'
--- profiles/apparmor.d/usr.lib.dovecot.pop3 2010-08-05 19:00:02 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.pop3 2011-08-19 10:37:59 +0000
@@ -9,6 +9,7 @@
capability setuid,
/var/mail/* klrw,
+ /var/spool/mail/* klrw,
@{HOME} r,
@{HOME}/mail/* klrw,
@{HOME}/mail/.imap/** klrw,
=== modified file 'profiles/apparmor.d/usr.sbin.dovecot'
--- profiles/apparmor.d/usr.sbin.dovecot 2011-07-14 12:57:57 +0000
+++ profiles/apparmor.d/usr.sbin.dovecot 2011-08-19 10:44:14 +0000
@@ -13,9 +13,12 @@
capability setgid,
capability setuid,
capability sys_chroot,
+ capability fsetid,
/etc/dovecot/** r,
/etc/mtab r,
+ /etc/lsb-release r,
+ /etc/SuSE-release r,
/usr/lib/dovecot/dovecot-auth Pxmr,
/usr/lib/dovecot/imap Pxmr,
/usr/lib/dovecot/imap-login Pxmr,
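Review bot: "capability fsetid," is appended after sys_chroot, out of the sorted order the visible capability lines follow (setgid, setuid, sys_chroot), and nothing in the profile records why dovecot needs it. Place it in its sorted position and add a one-line comment naming the operation that produced the denial, so a later audit can tell whether the capability is still required. "/etc/SuSE-release r," is distribution-specific and would benefit from a comment saying so.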
@@ -26,10 +29,10 @@
/usr/lib/dovecot/managesieve-login Pxmr,
/usr/lib/dovecot/ssl-build-param ixr,
/usr/sbin/dovecot mr,
- /var/lib/dovecot/ w,
- /var/lib/dovecot/* krw,
- /{,var/}run/dovecot/ rw,
- /{,var/}run/dovecot/** rw,
+ /var/lib/dovecot/ wl,
+ /var/lib/dovecot/* krwl,
+ /{,var/}run/dovecot/ rwl,
+ /{,var/}run/dovecot/** rwl,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.dovecot>
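Review bot: The description promises "k for /var/{lib,run}/dovecot", but the changed lines add "l" (link) rather than "k" (lock). "/var/lib/dovecot/* krw" already had k, and the two /{,var/}run/dovecot rules go from rw to rwl and still carry no k. If file locking under the run directory was the denial being fixed, those rules should gain k instead. If hard links really are needed, the description should say l and explain why link permission is wanted on the directory rules as well. The description also names usr.bin.dovecot while the file changed here is usr.sbin.dovecot.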