On 01/26/2014 03:35 PM, Christian Boltz wrote:
> Hello,
>
> after testing the dovecot profiles on a new server, I noticed
> /usr/sbin/dovecot needs some more permissions:
> - mysql access
> - execution permissions for /usr/lib/dovecot/dict and lmtp
> - write access to some postfix sockets, used to
>   - provide SMTP Auth via dovecot
>   - deliver mails to dovecot via LMTP
> - and read access to /proc/filesystems
>

hrmmm looks okay
Acked-by: John Johansen <john.johan...@canonical.com> > === modified file 'profiles/apparmor.d/usr.sbin.dovecot' > --- profiles/apparmor.d/usr.sbin.dovecot 2014-01-26 21:48:02 +0000 > +++ profiles/apparmor.d/usr.sbin.dovecot 2014-01-26 23:18:44 +0000 > @@ -15,6 +15,7 @@ > /usr/sbin/dovecot { > #include <abstractions/authentication> > #include <abstractions/base> > + #include <abstractions/mysql> > #include <abstractions/nameservice> > #include <abstractions/ssl_certs> > #include <abstractions/ssl_keys> > @@ -33,13 +34,16 @@ > /etc/lsb-release r, > /etc/SuSE-release r, > @{PROC}/@{pid}/mounts r, > + @{PROC}/filesystems r, > /usr/bin/doveconf rix, > /usr/lib/dovecot/anvil Px, > /usr/lib/dovecot/auth Px, > /usr/lib/dovecot/config Px, > + /usr/lib/dovecot/dict Px, > /usr/lib/dovecot/dovecot-auth Pxmr, > /usr/lib/dovecot/imap Pxmr, > /usr/lib/dovecot/imap-login Pxmr, > + /usr/lib/dovecot/lmtp Px, > /usr/lib/dovecot/log Px, > /usr/lib/dovecot/managesieve Px, > /usr/lib/dovecot/managesieve-login Pxmr, > @@ -50,6 +54,8 @@ > /usr/sbin/dovecot mrix, > /var/lib/dovecot/ w, > /var/lib/dovecot/* rwkl, > + /var/spool/postfix/private/auth w, > + /var/spool/postfix/private/dovecot-lmtp w, > /{,var/}run/dovecot/ rw, > /{,var/}run/dovecot/** rw, > link /{,var/}run/dovecot/** -> /var/lib/dovecot/**, > > > > Regards, > > Christian Boltz > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
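Review bot: The `#include <abstractions/mysql>` added in the first hunk (@@ -15,6 +15,7 @@) may be attached to the wrong profile. It goes into the /usr/sbin/dovecot master profile, while the next hunk shows /usr/lib/dovecot/auth and /usr/lib/dovecot/dict being executed with Px into profiles of their own. Please confirm which process actually opens the MySQL connection; if it is auth or dict, the abstraction belongs in that profile and the master should not carry it.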
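Review bot: The two new Px rules in the second hunk (@@ -33,13 +34,16 @@), `/usr/lib/dovecot/dict Px,` and `/usr/lib/dovecot/lmtp Px,`, need matching profiles, and this patch only modifies profiles/apparmor.d/usr.sbin.dovecot. With Px the exec is denied when no profile for the target is loaded, so please confirm that dict and lmtp profiles already ship in the tree or add them in the same series.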
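Review bot: The two socket rules in the third hunk (@@ -50,6 +54,8 @@), `/var/spool/postfix/private/auth w,` and `/var/spool/postfix/private/dovecot-lmtp w,`, have no comment explaining why the dovecot master writes into the postfix spool. A one-line comment above them, taken from the description (SMTP Auth via dovecot, LMTP delivery), would make the intent clear to the next reader. The listener names are set in the dovecot configuration, so it is also worth noting that sites using other socket names need a local addition.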