I'd even recommend to restrict it a bit more:
owner /tmp/antispam-mail*/ rw,
owner /tmp/antispam-mail*/* rwkl,
sendmail might be a candidate for a child profile. Such a (maybe too
generous) profile already exists in the dovecot-lda profile, so cleaning
it up and removing permissions that are not needed for "just" sending a
mail might be a good idea.
I won't object if you provide a generic sendmail profile that we can Px
into (feel free to use the child profile in dovecot-lda as a base), but
that needs much more testing before shipping and enforcing it in the
default setup.
** Also affects: apparmor
Importance: Undecided
Status: New
** Tags added: aa-policy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/482080
Title:
Dovecot's apparmor profile breaks dovecot-antispam
To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/482080/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
