Hello, $subject.
- dovecot/auth: allow to read stats-user
- dovecot/config: allow to read /usr/share/dovecot/**
- dovecot/imap: allow to ix doveconf, read /etc/dovecot/ and /usr/share/dovecot/**

These things were reported by Félix Sipma in Debian Bug#835826 (with some help from sarnold on IRC)

References: https://bugs.debian.org/835826

Note: The bugreport says that the dovecot/lmtp profile also needs
    @{HOME}/.dovecot.svbin r,
added, but http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage says that sieve uses the .svbin extension for all sieve scripts. I'm unsure if allowing one specific file makes sense, so let's get the easy things in now, and do a follow-up patch once this is clarified.

I propose this patch for trunk, 2.10 and 2.9.

[ dovecot-profiles-deb835826.diff ]

=== modified file 'profiles/apparmor.d/usr.lib.dovecot.auth' --- profiles/apparmor.d/usr.lib.dovecot.auth 2016-04-06 22:53:06 +0000 +++ profiles/apparmor.d/usr.lib.dovecot.auth 2016-10-03 19:35:41 +0000 @@ -38,7 +38,7 @@ /var/tmp/smtp_* rw, /{var/,}run/dovecot/auth-token-secret.dat{,.tmp} rw, - /{var/,}run/dovecot/stats-user w, + /{var/,}run/dovecot/stats-user rw, # Site-specific additions and overrides. See local/README for details. #include <local/usr.lib.dovecot.auth> === modified file 'profiles/apparmor.d/usr.lib.dovecot.config' --- profiles/apparmor.d/usr.lib.dovecot.config 2014-06-27 19:14:53 +0000 +++ profiles/apparmor.d/usr.lib.dovecot.config 2016-10-03 19:36:06 +0000 @@ -23,6 +23,7 @@ /usr/bin/doveconf rix, /usr/lib/dovecot/config mr, /usr/lib/dovecot/managesieve Px, + /usr/share/dovecot/** r, # Site-specific additions and overrides. See local/README for details. #include <local/usr.lib.dovecot.config> === modified file 'profiles/apparmor.d/usr.lib.dovecot.imap' --- profiles/apparmor.d/usr.lib.dovecot.imap 2015-09-03 16:27:00 +0000 +++ profiles/apparmor.d/usr.lib.dovecot.imap 2016-10-03 19:39:38 +0000 
@@ -25,7 +25,14 @@ @{DOVECOT_MAILSTORE}/** rwkl, @{HOME} r, # ??? - /usr/lib/dovecot/imap mr, + + /etc/dovecot/dovecot.conf r, + /etc/dovecot/conf.d/ r, + /etc/dovecot/conf.d/** r, + + /usr/bin/doveconf rix, + /usr/lib/dovecot/imap mrix, + /usr/share/dovecot/** r, /{,var/}run/dovecot/auth-master rw, /{,var/}run/dovecot/mounts r,

Regards,

Christian Boltz
-- 
To apply it to your example: [...] - or - We are standing in the middle of Autobahn 7 with our underpants down anyway, and it hardly matters whether we are also holding a rubber horn and a flashlight while a tanker truck heads straight for us. [Ratti in fontlinge-devel]
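Review bot: in the usr.lib.dovecot.config hunk, `/usr/share/dovecot/** r,` grants recursive read on the whole tree, and the identical rule is added again in the imap profile. If the denials in Bug#835826 name specific files, list those instead. Otherwise add a one-line comment above the rule saying what doveconf reads there, and consider moving the rule into a shared include so the two profiles do not drift apart.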
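Review bot: in the usr.lib.dovecot.imap hunk, `/usr/lib/dovecot/imap` goes from `mr` to `mrix`, but the description only mentions ix for doveconf. Please say why imap needs to execute itself, or keep it at `mr`. Because `/usr/bin/doveconf rix,` inherits the imap profile, doveconf also runs with `@{DOVECOT_MAILSTORE}/** rwkl,`; a child profile limited to the configuration paths would keep that narrower. The description also says "/etc/dovecot/" while the rules cover only dovecot.conf and conf.d, so either the summary or the rules should be adjusted to match.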
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
