Hello, this patch is an interesting one - /usr/lib/dovecot/auth reads the mysql config files, which is not covered by abstractions/mysql.
Now the interesting question is where we should add this. a) add it to abstractions/mysql "because it belongs to mysql" even if /usr/lib/dovecot/auth is the only one that needs it b) add it to usr.lib.dovecot.auth "because only /usr/lib/dovecot/auth is the only one that needs it" At the moment, I tend to b) to avoid superfluous permissions for other programs with abstractions/mysql, but I'd like to hear your opinions ;-) === modified file 'profiles/apparmor.d/usr.lib.dovecot.auth' --- profiles/apparmor.d/usr.lib.dovecot.auth 2014-01-26 21:46:51 +++ profiles/apparmor.d/usr.lib.dovecot.auth 2014-01-26 22:36:47 @@ -23,6 +23,10 @@ capability setgid, capability setuid, + /etc/my.cnf r, + /etc/my.cnf.d/ r, + /etc/my.cnf.d/*.cnf r, + /etc/dovecot/dovecot-database.conf.ext r, /etc/dovecot/dovecot-sql.conf.ext r, /usr/lib/dovecot/auth mr, Regards, Christian Boltz -- chliEßlichle sendi emeiSt Enleut ehier mehralsdreIpo Stingsa Mtag sOd Asesdoch et. Waserm üdentwärdenkahnimmerrattentsumÜßenw aßIrge nDeinezUs Ahmäst ell unkvonbU chst, abensagenw iel ;-) [Tilman Ahr in dcoulm zum Thema "Rechtschreibfehler stoeren doch nicht"] -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
