On 01/26/2014 03:17 PM, Christian Boltz wrote: > Hello, > > this patch is an interesting one - /usr/lib/dovecot/auth reads the mysql > config files, which is not covered by abstractions/mysql. > > Now the interesting question is where we should add this. > > a) add it to abstractions/mysql "because it belongs to mysql" even if > /usr/lib/dovecot/auth is the only one that needs it > > b) add it to usr.lib.dovecot.auth "because only /usr/lib/dovecot/auth > is the only one that needs it" > > At the moment, I tend to b) to avoid superfluous permissions for other > programs with abstractions/mysql, but I'd like to hear your opinions ;-) > > I tend to agree, though I wonder why mysql doesn't need it
Acked-by: John Johansen <john.johan...@canonical.com> > === modified file 'profiles/apparmor.d/usr.lib.dovecot.auth' > --- profiles/apparmor.d/usr.lib.dovecot.auth 2014-01-26 21:46:51 > +++ profiles/apparmor.d/usr.lib.dovecot.auth 2014-01-26 22:36:47 > @@ -23,6 +23,10 @@ > capability setgid, > capability setuid, > > + /etc/my.cnf r, > + /etc/my.cnf.d/ r, > + /etc/my.cnf.d/*.cnf r, > + > /etc/dovecot/dovecot-database.conf.ext r, > /etc/dovecot/dovecot-sql.conf.ext r, > /usr/lib/dovecot/auth mr, > > > Regards, > > Christian Boltz > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor