Hello, dovecot/auth needs read access to /etc/dovecot/* when using plaintext user/password files (everybody will use a different filename for the user/password list - and when you allow reading the password list, allowing to read the config doesn't add any harm ;-)
References: https://bugzilla.novell.com/show_bug.cgi?id=874094 === modified file 'profiles/apparmor.d/usr.lib.dovecot.auth' --- profiles/apparmor.d/usr.lib.dovecot.auth 2014-07-07 21:35:18 +++ profiles/apparmor.d/usr.lib.dovecot.auth 2014-08-10 18:43:08 @@ -27,8 +27,7 @@ /etc/my.cnf.d/ r, /etc/my.cnf.d/*.cnf r, - /etc/dovecot/dovecot-database.conf.ext r, - /etc/dovecot/dovecot-sql.conf.ext r, + /etc/dovecot/* r, /usr/lib/dovecot/auth mr, # kerberos replay cache Regards, Christian Boltz -- Whoa whoa whoa that's WAY too efficient. Using tools that already exist? Instead of inventing a whole new system and living with bugs? Blaspheme. [Brian K. White in opensuse-factory] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor