From 6f6b3c57fba9938bad2d41325956415cd323f39c Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sun, 26 Nov 2017 16:38:06 +0100
Subject: [PATCH] allow dac_read_search and dac_override for dovecot/auth

This is needed for:
- /var/spool/postfix/private/ (postfix:root 700) -> dac_read_search
- /run/dovecot/auth-worker (dovecot:root 600) -> dac_override

References: https://bugzilla.opensuse.org/show_bug.cgi?id=1069470
---
 profiles/apparmor.d/usr.lib.dovecot.auth | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/profiles/apparmor.d/usr.lib.dovecot.auth b/profiles/apparmor.d/usr.lib.dovecot.auth
index a9e63b39b..fcb54364e 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.auth
@@ -22,6 +22,8 @@
   #include <abstractions/dovecot-common>
 
   capability audit_write,
+  capability dac_override,
+  capability dac_read_search,
   capability setuid,
 
   /etc/my.cnf r,