Merge dovecot: backport usr.lib.dovecot.script-login to 2.13

Backport profile to fix denials in Debian Buster+Bullseye.

Add hashes for #include's, remove abi specification.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/672
Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: John Johansen <john.johansen@canonical.com>
John Johansen 2020-10-27 20:56:09 +00:00
commit 6a8a5de637
2 changed files with 34 additions and 0 deletions


@ -0,0 +1,33 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2020 Michael Hirmke
# Copyright (C) 2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim: ft=apparmor
#include <tunables/global>
profile dovecot-script-login /usr/lib/dovecot/script-login {
#include <abstractions/base>
#include <abstractions/dovecot-common>
#include <abstractions/nameservice>
capability setuid,
/usr/lib/dovecot/script-login mrPx,
# NOTE: You'll need to allow execution of your actual login script.
# The recommended way is to add a rule for it in local/usr.lib.dovecot.script-login
# for example
# /home/vmail/bin/postlogin.sh Px,
# and then to create the profile for the script.
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.script-login>
}
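Review bot: The `capability setuid,` rule carries no comment explaining why script-login needs it, and the NOTE below it recommends `Px` for the site's login script without saying why that mode matters. With `ix` the script would run under this same profile and inherit `capability setuid` plus the nameservice abstraction, and with `Ux` it would run unconfined, so the reason for the recommendation is worth stating in the file. I would add `# Use Px (not ix/Ux) so the script runs in its own profile and does not inherit capability setuid.` after the example rule. Separately, the unconditional `#include <local/usr.lib.dovecot.script-login>` makes the profile fail to load if that local file is missing; presumably the 2.13 build generates the stub, but that is not visible in this commit.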


@ -56,6 +56,7 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
/usr/lib/dovecot/managesieve-login Pxmr,
/usr/lib/dovecot/pop3 mrPx,
/usr/lib/dovecot/pop3-login Pxmr,
/usr/lib/dovecot/script-login Px,
/usr/lib/dovecot/ssl-build-param rix,
/usr/lib/dovecot/ssl-params mrPx,
/usr/lib/dovecot/stats Px,
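Review bot: The `/usr/lib/dovecot/script-login Px,` rule has no fallback, so it only works when the `dovecot-script-login` profile added by the same commit is installed and loaded. If a distribution picks up this hunk without the new profile file, the exec is denied; that fails closed, but post-login scripts stop working. A one-line comment such as `# requires profile dovecot-script-login (usr.lib.dovecot.script-login)` above the rule would make the dependency visible to packagers. The enclosing `dovecot` profile starts and ends outside this hunk, so the rest of its rules were not reviewed.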