On Sun, Apr 02, 2017 at 01:20:52PM +0200, Christian Boltz wrote: > dovecot-lda needs > - the attach_disconnected flags > - read access to /usr/share/dovecot/protocols.d/ > - rw for /run/dovecot/auth-userdb > > References: https://bugs.launchpad.net/bugs/1650827 > > I propose this patch for 2.9, 2.10 and trunk.
Acked-by: Steve Beattie <[email protected]> for all three, though... > [ dovecot-lda-lp1650827.diff ] > > === modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-lda' > --- profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2016-02-20 00:15:20 > +0000 > +++ profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2017-04-02 10:46:01 > +0000 > @@ -12,7 +12,7 @@ > #include <tunables/global> > #include <tunables/dovecot> > > -/usr/lib/dovecot/dovecot-lda { > +/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) { > #include <abstractions/base> > #include <abstractions/nameservice> > #include <abstractions/dovecot-common> > @@ -26,9 +26,11 @@ > /proc/*/mounts r, > owner /tmp/dovecot.lda.* rw, > /{var/,}run/dovecot/mounts r, > + /run/dovecot/auth-userdb rw, > /usr/bin/doveconf mrix, > /usr/lib/dovecot/dovecot-lda mrix, > /usr/sbin/sendmail Cx, > + /usr/share/dovecot/protocols.d/ r, I'm surprised that there isn't any need to read files in that directory. Unless in this configuration there's nothing within that directory for dovecot-lda specifically. -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
