From e97af4af46f4d4244daa46e32d874051124b9e52 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Thu, 13 Jun 2019 22:26:18 +0200
Subject: [PATCH] backport dovecot profile additions This is a partial backport of bc36daa264b0f0067deeb1de893a27b25bc5e4e4 (without the abstractions/nameservice removal in usr.lib.dovecot.pop3-login) Original commmit message: dovecot: align {pop3,managesieve}-login to imap-login Those 3 login daemons should have similiar needs and thus similar profiles. IMAP is likely the most tested one so let's align the other 2 with it. Unix and TCP sockets rules were added to pop3-login after the removal of abstractions/nameservice that included them implicitly.
Signed-off-by: Simon Deziel
---
profiles/apparmor.d/usr.lib.dovecot.managesieve-login | 1 +
profiles/apparmor.d/usr.lib.dovecot.pop3-login | 3 +++
2 files changed, 4 insertions(+)
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
index 7eecf9868..4504fd958 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -25,6 +25,7 @@ network inet stream, network inet6 stream, + network unix stream, /usr/lib/dovecot/managesieve-login mr, /{,var/}run/dovecot/login-master-notify* rw,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3-login b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
index ab6ec84dc..7d6cbed0a 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -22,8 +22,11 @@ capability setuid, capability sys_chroot, + network unix stream, + /usr/lib/dovecot/pop3-login mr, /{,var/}run/dovecot/anvil rw, + /{,var/}run/dovecot/login-master-notify* rw, /{,var/}run/dovecot/login/ r, /{,var/}run/dovecot/login/* rw,
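Review bot: The `network unix stream,` rule added to managesieve-login has no comment, and it permits AF_UNIX stream sockets as a whole type rather than naming the sockets the daemon needs. For path-based sockets the file rules below it, such as `/{,var/}run/dovecot/login-master-notify* rw,`, remain the effective limit, but abstract-namespace sockets are not narrowed by those path rules. A one-line comment such as `# unix stream sockets; path-based ones are limited by the /{,var/}run/dovecot/ file rules below` would record that for the next person tightening the profile. The profile body starts and ends outside the hunk.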
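Review bot: The pop3-login hunk adds only `network unix stream,`, without the `network inet stream,` and `network inet6 stream,` rules that managesieve-login carries. Since the description says this backport keeps `abstractions/nameservice`, the profile presumably still takes its TCP access, and likely its UNIX socket access too, from that include. If so, the new rule is redundant today and the profile stays broader than the imap-login alignment intends. A comment above the rule would record the dependency, for example `# TCP rules still come from abstractions/nameservice; add inet/inet6 stream rules here if that include is dropped`. The include line is outside the hunk, so confirm this against the full profile.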