On Mon, Oct 03, 2016 at 10:07:17PM +0200, Christian Boltz wrote:
> Hello,
>
> $subject.
>
> - dovecot/auth: allow to read stats-user
> - dovecot/config: allow to read /usr/share/dovecot/**
> - dovecot/imap: allow to ix doveconf, read /etc/dovecot/ and
>   /usr/share/dovecot/**
>
> These things were reported by Félix Sipma in Debian Bug#835826
> (with some help from sarnold on IRC)
>
> References: https://bugs.debian.org/835826
>
>
> Note: The bugreport says that the dovecot/lmtp profile also needs
>     @{HOME}/.dovecot.svbin r,
> added, but http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage says that
> sieve uses the .svbin extension for all sieve scripts. I'm unsure if
> allowing one specific file makes sense, so let's get the easy things
> in now, and do a follow-up patch once this is clarified.
>
>
> I propose this patch for trunk, 2.10 and 2.9.
>
>
>
> [ dovecot-profiles-deb835826.diff ]

Acked for all three, thanks. Acked-by: Seth Arnold <[email protected]> > > === modified file 'profiles/apparmor.d/usr.lib.dovecot.auth' > --- profiles/apparmor.d/usr.lib.dovecot.auth 2016-04-06 22:53:06 +0000 > +++ profiles/apparmor.d/usr.lib.dovecot.auth 2016-10-03 19:35:41 +0000 > @@ -38,7 +38,7 @@ > /var/tmp/smtp_* rw, > > /{var/,}run/dovecot/auth-token-secret.dat{,.tmp} rw, > - /{var/,}run/dovecot/stats-user w, > + /{var/,}run/dovecot/stats-user rw, > > # Site-specific additions and overrides. See local/README for details. > #include <local/usr.lib.dovecot.auth> > > === modified file 'profiles/apparmor.d/usr.lib.dovecot.config' > --- profiles/apparmor.d/usr.lib.dovecot.config 2014-06-27 19:14:53 +0000 > +++ profiles/apparmor.d/usr.lib.dovecot.config 2016-10-03 19:36:06 +0000 > @@ -23,6 +23,7 @@ > /usr/bin/doveconf rix, > /usr/lib/dovecot/config mr, > /usr/lib/dovecot/managesieve Px, > + /usr/share/dovecot/** r, > > # Site-specific additions and overrides. See local/README for details. > #include <local/usr.lib.dovecot.config> > > === modified file 'profiles/apparmor.d/usr.lib.dovecot.imap' > --- profiles/apparmor.d/usr.lib.dovecot.imap 2015-09-03 16:27:00 +0000 > +++ profiles/apparmor.d/usr.lib.dovecot.imap 2016-10-03 19:39:38 +0000 > @@ -25,7 +25,14 @@ > @{DOVECOT_MAILSTORE}/** rwkl, > > @{HOME} r, # ??? > - /usr/lib/dovecot/imap mr, > + > + /etc/dovecot/dovecot.conf r, > + /etc/dovecot/conf.d/ r, > + /etc/dovecot/conf.d/** r, > + > + /usr/bin/doveconf rix, > + /usr/lib/dovecot/imap mrix, > + /usr/share/dovecot/** r, > /{,var/}run/dovecot/auth-master rw, > /{,var/}run/dovecot/mounts r, > > >
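
Review bot: in usr.lib.dovecot.config the new `/usr/share/dovecot/** r,` rule covers what lies below the directory but not `/usr/share/dovecot/` itself, while the imap hunk pairs `/etc/dovecot/conf.d/ r,` with `/etc/dovecot/conf.d/** r,`. If the config process ever lists that directory, a matching `/usr/share/dovecot/ r,` is needed. A short comment naming what is read from there would also make the recursive grant easier to audit later.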
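
Review bot: in usr.lib.dovecot.imap the rule for `/usr/lib/dovecot/imap` changes from `mr` to `mrix`, but the description only mentions ix for doveconf; please state in the commit message why imap needs to execute itself. Note also that the description says "read /etc/dovecot/" while the added rules cover only `dovecot.conf`, `conf.d/` and `conf.d/**`, so any other file under /etc/dovecot/ stays denied. And because doveconf is run with `ix`, it inherits the full imap profile, including `@{DOVECOT_MAILSTORE}/** rwkl`; a comment next to the rule saying this is intended would help.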
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
