[apparmor] [patch] update dovecot-lda profile
Christian Boltz
apparmor at cboltz.de
Sun Apr 2 11:20:52 UTC 2017
Hello,
dovecot-lda needs
- the attach_disconnected flags
- read access to /usr/share/dovecot/protocols.d/
- rw for /run/dovecot/auth-userdb
References: https://bugs.launchpad.net/bugs/1650827
I propose this patch for 2.9, 2.10 and trunk.
[ dovecot-lda-lp1650827.diff ]
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-lda'
--- profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2016-02-20 00:15:20 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2017-04-02 10:46:01 +0000
@@ -12,7 +12,7 @@
#include <tunables/global>
#include <tunables/dovecot>
-/usr/lib/dovecot/dovecot-lda {
+/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/dovecot-common>
@@ -26,9 +26,11 @@
/proc/*/mounts r,
owner /tmp/dovecot.lda.* rw,
/{var/,}run/dovecot/mounts r,
+ /run/dovecot/auth-userdb rw,
/usr/bin/doveconf mrix,
/usr/lib/dovecot/dovecot-lda mrix,
/usr/sbin/sendmail Cx,
+ /usr/share/dovecot/protocols.d/ r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.dovecot-lda>
Regards,
Christian Boltz
--
vi-Befehle sind sogar relativ einfach zu merken. Wenn man einmal weiß,
was dw db de d) d( d} d{ dd d^ d$ d0 dG sowie cw und yw machen, dann
weiß man auch, was cb ce c) c( c} c{ cc c^ c$ c0 cG sowie yb ye y) y( y}
y{ yy y^ y$ y0 yG machen. [Bernd Brodesser in suse-linux]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170402/013fb7a5/attachment.pgp>
More information about the AppArmor
mailing list