Hello,

after testing the dovecot profiles on a new server, I noticed /usr/sbin/dovecot needs some more permissions:
- mysql access
- execution permissions for /usr/lib/dovecot/dict and lmtp
- write access to some postfix sockets, used to
  - provide SMTP Auth via dovecot
  - deliver mails to dovecot via LMTP
- and read access to /proc/filesystems

=== modified file 'profiles/apparmor.d/usr.sbin.dovecot' --- profiles/apparmor.d/usr.sbin.dovecot 2014-01-26 21:48:02 +0000 +++ profiles/apparmor.d/usr.sbin.dovecot 2014-01-26 23:18:44 +0000 @@ -15,6 +15,7 @@ /usr/sbin/dovecot { #include <abstractions/authentication> #include <abstractions/base> + #include <abstractions/mysql> #include <abstractions/nameservice> #include <abstractions/ssl_certs> #include <abstractions/ssl_keys> @@ -33,13 +34,16 @@ /etc/lsb-release r, /etc/SuSE-release r, @{PROC}/@{pid}/mounts r, + @{PROC}/filesystems r, /usr/bin/doveconf rix, /usr/lib/dovecot/anvil Px, /usr/lib/dovecot/auth Px, /usr/lib/dovecot/config Px, + /usr/lib/dovecot/dict Px, /usr/lib/dovecot/dovecot-auth Pxmr, /usr/lib/dovecot/imap Pxmr, /usr/lib/dovecot/imap-login Pxmr, + /usr/lib/dovecot/lmtp Px, /usr/lib/dovecot/log Px, /usr/lib/dovecot/managesieve Px, /usr/lib/dovecot/managesieve-login Pxmr, @@ -50,6 +54,8 @@ /usr/sbin/dovecot mrix, /var/lib/dovecot/ w, /var/lib/dovecot/* rwkl, + /var/spool/postfix/private/auth w, + /var/spool/postfix/private/dovecot-lmtp w, /{,var/}run/dovecot/ rw, /{,var/}run/dovecot/** rw, link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,

Regards,

Christian Boltz
--
Sorry, I don't know my way around Java at all, it is simply too unportable for me.
[Thorsten Kukuk in suse-linux]
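
Review bot: the `#include <abstractions/mysql>` added in the first hunk (@@ -15,6 +15,7 @@) is not tied to a specific denial in the description, and it lands in the /usr/sbin/dovecot master profile, which applies to every install whether or not MySQL is in use. The same profile hands /usr/lib/dovecot/auth and /usr/lib/dovecot/dict to their own profiles via Px, so if the SQL lookups are made by those helpers, the abstraction belongs in their profiles and the master can stay narrower. Please quote the audit log line that showed the master itself needing it, or move the include to the helper profile that does.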
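
Review bot: the `Px` rules added for /usr/lib/dovecot/dict and /usr/lib/dovecot/lmtp in the second hunk (@@ -33,13 +34,16 @@) depend on separate profiles for those two binaries being loaded, and this patch only modifies usr.sbin.dovecot. With Px and no matching profile the exec is refused, so dict and lmtp would fail to start on a system that has only this file updated. Please confirm that usr.lib.dovecot.dict and usr.lib.dovecot.lmtp profiles already exist in the tree or are submitted together with this change. The `@{PROC}/filesystems r,` line in the same hunk looks fine as a read-only rule.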
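
Review bot: the two socket rules added in the third hunk (@@ -50,6 +54,8 @@), `/var/spool/postfix/private/auth w,` and `/var/spool/postfix/private/dovecot-lmtp w,`, carry no comment in the profile explaining why a dovecot profile writes into the postfix spool. The mail body gives the reason (SMTP Auth via dovecot, LMTP delivery to dovecot), and a one-line comment above each rule saying so would keep a later reader from removing them as unrelated. Since both file names are chosen in the local dovecot and postfix configuration, it is also worth stating in that comment that these are the conventional names and that sites using different ones need a local override.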