Hello, dovecot-lda needs - the attach_disconnected flags - read access to /usr/share/dovecot/protocols.d/ - rw for /run/dovecot/auth-userdb
References: https://bugs.launchpad.net/bugs/1650827 I propose this patch for 2.9, 2.10 and trunk. [ dovecot-lda-lp1650827.diff ] === modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-lda' --- profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2016-02-20 00:15:20 +0000 +++ profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2017-04-02 10:46:01 +0000 @@ -12,7 +12,7 @@ #include <tunables/global> #include <tunables/dovecot> -/usr/lib/dovecot/dovecot-lda { +/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/dovecot-common> @@ -26,9 +26,11 @@ /proc/*/mounts r, owner /tmp/dovecot.lda.* rw, /{var/,}run/dovecot/mounts r, + /run/dovecot/auth-userdb rw, /usr/bin/doveconf mrix, /usr/lib/dovecot/dovecot-lda mrix, /usr/sbin/sendmail Cx, + /usr/share/dovecot/protocols.d/ r, # Site-specific additions and overrides. See local/README for details. #include <local/usr.lib.dovecot.dovecot-lda> Regards, Christian Boltz -- vi-Befehle sind sogar relativ einfach zu merken. Wenn man einmal weiß, was dw db de d) d( d} d{ dd d^ d$ d0 dG sowie cw und yw machen, dann weiß man auch, was cb ce c) c( c} c{ cc c^ c$ c0 cG sowie yb ye y) y( y} y{ yy y^ y$ y0 yG machen. [Bernd Brodesser in suse-linux]
signature.asc
Description: This is a digitally signed message part.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
